The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter contains the following sections:
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information"chapter or the Feature History table in this chapter.
VRRP allows for transparent failover at the first-hop IP router by configuring a group of routers to share a virtual IP address. VRRP selects a master router in that group to handle all packets for the virtual IP address. The remaining routers are in standby and take over if the master router fails.
A LAN client can determine which router should be the first hop to a particular remote destination by using a dynamic process or static configuration. Examples of dynamic router discovery are as follows:
Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach, and a router responds to the ARP request with its own MAC address.
Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing Information Protocol [RIP]) and forms its own routing table.
ICMP Router Discovery Protocol (IRDP) client—The client runs an Internet Control Message Protocol (ICMP) router discovery client.
The disadvantage to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, if a router fails, the process of switching to another router can be slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client. Although, this approach simplifies client configuration and processing, it creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.
 Note |
The VRRP IP address must be different to any physical IP address of the devices participating in the VRRP, otherwise the ARP or MAC entries will be corrupted and may cause forwarding problems. |
Because the virtual IP address uses the IP address of the physical Ethernet interface of Router A, Router A is the master (also known as the IP address owner). As the master, Router A owns the virtual IP address of the VRRP group and forwards packets sent to this IP address. Clients 1 through 3 are configured with the default gateway IP address of 10.0.0.1.
Routers B and C function as backups. If the master fails, the backup router with the highest priority becomes the master and takes over the virtual IP address to provide uninterrupted service for the LAN hosts. When router A recovers, it becomes the master again.
Note |
In Cisco NX-OS Release 4.1(2) and later, packets received on a routed port destined for the VRRP virtual IP address terminates on the local router, regardless of whether that router is the master VRRP router or a backup VRRP router. This includes ping and Telnet traffic. Packets received on a Layer 2 (VLAN) interface destined for the VRRP virtual IP address terminates on the master router. |
Redundancy—Enables you to configure multiple routers as the default gateway router, which reduces the possibility of a single point of failure in a network.
Load sharing—Allows traffic to and from LAN clients to be shared by multiple routers. The traffic load is shared more equitably among available routers.
Multiple VRRP groups—Supports up to 255 VRRP groups on a router physical interface if the platform supports multiple MAC addresses. Multiple VRRP groups enable you to implement redundancy and load sharing in your LAN topology.
Multiple IP addresses—Allows you to manage multiple IP addresses, including secondary IP addresses. If you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.
Preemption—Enables you to preempt a backup router that has taken over for a failing master with a higher priority backup router that has become available.
Advertisement protocol—Uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. IANA has assigned the IP protocol number 112 to VRRP.
VRRP tracking—Ensures that the best VRRP router is the master for the group by altering VRRP priorities based on interface states.
Router processing capability
Router memory capability
In a topology where multiple VRRP groups are configured on a router interface, the interface can act as a master for one VRRP group and as a backup for one or more other VRRP groups.
This topology contains two virtual IP addresses for two VRRP groups that overlap. For VRRP group 1, Router A is the owner of IP address 10.0.0.1 and is the master. Router B is the backup to Router A. Clients 1 and 2 are configured with the default gateway IP address of 10.0.0.1.
For VRRP group 2, Router B is the owner of IP address 10.0.0.2 and is the master. Router A is the backup to router B. Clients 3 and 4 are configured with the default gateway IP address of 10.0.0.2.
An important aspect of the VRRP redundancy scheme is the VRRP router priority because the priority determines the role that each VRRP router plays and what happens if the master router fails.
If a VRRP router owns the virtual IP address and the IP address of the physical interface, this router functions as the master. The priority of the master is 255.
Priority also determines if a VRRP router functions as a backup router and the order of ascendancy to becoming a master if the master fails.
For example, if Router A, the master in a LAN topology, fails, VRRP must determine if backups B or C should take over. If you configure Router B with priority 101 and Router C with the default priority of 100, VRRP selects Router B to become the master because it has the higher priority. If you configure routers B and C with the default priority of 100, VRRP selects the backup with the higher IP address to become the master.
VRRP uses preemption to determine what happens after a VRRP backup router becomes the master. With preemption enabled by default, VRRP switches to a backup if that backup comes online with a priority higher than the new master. For example, if Router A is the master and fails, VRRP selects Router B (next in order of priority). If Router C comes online with a higher priority than Router B, VRRP selects Router C as the new master, even though Router B has not failed.
If you disable preemption, VRRP switches only if the original master recovers or the new master fails.
VRRP interoperates with virtual port channels (vPCs). vPCs allow links that are physically connected to two different Cisco Nexus 7000 series devices to appear as a single port channel by a third device. See the Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide, for more information on vPCs.
vPC forwards traffic through both the master VRRP router as well as the backup VRRP router.
Note |
You should configure VRRP on the primary vPC peer device as active and VRRP on the vPC secondary device as standby. |
The VRRP master sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the master. Cisco NX-OS encapsulates the VRRP advertisements in IP packets and sends them to the IP multicast address assigned to the VRRP group. Cisco NX-OS sends the advertisements once every second by default, but you can configure a different advertisement interval.
No authentication
Plain text authentication
The authentication schemes differ on the router and in the incoming packet.
Text authentication strings differ on the router and in the incoming packet.
Native interface tracking—Tracks the state of an interface and uses that state to determine the priority of the VRRP router in a VRRP group. The tracked state is down if the interface is down or if the interface does not have a primary IP address.
Object tracking—Tracks the state of a configured object and uses that state to determine the priority of the VRRP router in a VRRP group.
If the tracked state (interface or object) goes down, VRRP updates the priority based on what you configure the new priority to be for the tracked state. When the tracked state comes up, VRRP restores the original priority for the virtual router group.
For example, you may want to lower the priority of a VRRP group member if its uplink to the network goes down so another group member can take over as master for the VRRP group.
Note |
VRRP does not support Layer 2 interface tracking. |
VRRP version 3 (VRRPv3) enables a group of switches to form a single virtual switch in order to provide redundancy and reduce the possibility of a single point of failure in a network. The LAN clients can then be configured with the virtual switch as their default gateway. The virtual switch, representing a group of switches, is also known as a VRRPv3 group.
Virtual router redundancy service (VRRS) improves the scalability of VRRPv3 by providing a stateless redundancy service to VRRS pathways and VRRS clients by monitoring VRRPv3. VRRPv3 acts as a VRRS server that pushes VRRPv3 status information (such as current and previous redundancy states, active and inactive Layer 2 and Layer 3 addresses, and so on) to VRRS pathways and all registered VRRS clients.
VRRS clients are other Cisco processes or applications that use VRRPv3 to provide or withhold a service or resource dependent upon the state of the group. VRRS pathways are special VRRS clients that use the VRRS database information to provide scaled first-hop gateway redundancy across scaled interface environments.
VRRS by itself is limited to maintaining its own state. Linking a VRRS client to a VRRPv3 group provides a mechanism that allows VRRS to provide a service to client applications so that they can implement stateless or stateful failovers. A stateful failover requires communication with a nominated backup before the failure so that operational data is not lost when the failover occurs.
VRRS pathways operate in a similar way to clients but are integrated with the VRRS architecture. They provide a means to scale first-hop gateway redundancy by allowing you to configure a virtual address across hundreds of interfaces. The virtual gateway state of a VRRS pathway follows the state of a First-Hop Redundancy Protocol (FHRP) VRRS server.
VRRPv3 notifies VRRS of its current state (master, backup, or nonoperational initial state [INIT]) and passes that infromation to pathways or clients. The VRRPv3 group name activates VRRS and associates the VRRPv3 group with any clients or pathways that are configured as part of VRRS with the same name.
Pathways and clients act on the VRRPv3 server state. When a VRRPv3 group changes states, VRRS pathways and clients alter their behavior (performing tasks such as shutting down interfaces or appending accounting logs) depending on the state received from VRRS.
This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol that provides fast-forwarding and path-failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, for more information.
VRRP supports high availability through stateful restarts and stateful switchovers. A stateful restart occurs when the VRRP process fails and is restarted. Stateful switchover occurs when the active supervisor switches to the standby supervisor. Cisco NX-OS applies the run-time configuration after the switchover.
VRRPv3 does not support stateful switchovers.
VRRP supports virtual routing and forwarding (VRF) instances. VRF exists within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. If you change the VRF membership of an interface, Cisco NX-OS removes all Layer 3 configurations, including VRRP.
For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide and Configuring Layer 3 Virtualization.
This feature does not require a license. Any feature not included in a license package is bundled with the Cisco NX-OS system images and is provided at no extra charge to you. For a complete explanation of the Cisco NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide.
You cannot configure VRRP on the management interface.
When VRRP is enabled, you should replicate the VRRP configuration across devices in your network.
We recommend that you do not configure more than one first-hop redundancy protocol on the same interface.
You must configure an IP address for the interface where you configure VRRP and enable that interface before VRRP becomes active.
Cisco NX-OS removes all Layer 3 configurations on an interface when you change the interface VRF membership, port channel membership, or when you change the port mode to Layer 2.
When you configure VRRP to track a Layer 2 interface, you must shut down the Layer 2 interface and reenable the interface to update the VRRP priority to reflect the state of the Layer 2 interface
BFD for VRRP can only be configured between two routers.
The VRRP IP address must be different than any physical IP address of the devices participating in the VRRP, otherwise the ARP or MAC entries will be corrupted and may cause forwarding problems.
VRRPv3 has the following configuration guidelines and limitations:
VRRPv3 is not intended as a replacement for existing dynamic protocols. VRRPv3 is designed for use over multi-access, multicast, or broadcast-capable Ethernet LANs.
VRRPv3 is supported only on Ethernet and Fast Ethernet interfaces, bridge group virtual interfaces (BVIs), and Gigabit Ethernet interfaces as well as on Multiprotocol Label Switching (MPLS) virtual private networks (VPNs), VRF-aware MPLS VPNs, and VLANs.
When VRRPv3 is in use, VRRPv2 is unavailable. To configure VRRPv3, you must disable any VRRPv2 configuration.
VRRS is currently available only for use with VRRPv3.
Use VRRPv3 millisecond timers only where absolutely necessary and with careful consideration and testing. Millisecond values work only under favorable circumstances. The millisecond timer values are compatible with third-party vendors, as long as they also support VRRPv3.
Full network redundancy can be achieved only if VRRPv3 operates over the same network path as the VRRS pathway redundant interfaces. For full redundancy, the following restrictions apply:
VRRS pathways should use the same physical interface as the parent VRRPv3 group or be configured on a subinterface with the same physical interface as the parent VRRPv3 group.
VRRS pathways can be configured on switch virtual interfaces (SVIs) only if the associated VLAN shares the same trunk as the VLAN on which the parent VRRPv3 group is configured.
| Parameters | Default |
|---|---|
|
Advertisement interval |
1 second |
|
Authentication |
No authentication |
|
Preemption |
Enabled |
|
Priority |
100 |
|
VRRP feature |
Disabled |
|
VRRPv3 |
Disabled |
|
VRRS |
Disabled |
|
VRRPv3 secondary address matching |
Enables |
|
Priority of a VRRPv3 group |
100 |
|
VRRPv3 advertisement timer |
1000 milliseconds |
Configuring VRRP
You must globally enable the VRRP feature before you configure and enable any VRRP groups.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# [no] feature vrrp |
Enables the VRRP feature. Use the no form of this command to disable this feature. Using the no form of this command will disable the feature in a VDC and remove all associated configurations. |
| Step 3 |
(Optional) switch(config)# copy running-config startup-config |
(Optional)
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
The following example enables VRRP:
switch # configure terminal
switch(config)# feature vrrp
switch(config)# copy running-config startup-configYou can create a VRRP group, assign the virtual IP address, and enable the group.
You can configure one virtual IPv4 address for a VRRP group. By default, the master VRRP router drops the packets addressed directly to the virtual IP address because the VRRP master is only intended as a next-hop router to forward packets. Some applications require that Cisco NX-OS accept packets addressed to the virtual router IP. Use the secondary option to the virtual IP address to accept these packets when the local router is the VRRP master.
Once you have configured the VRRP group, you must explicitly enable the group before it becomes active.
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Ensure that you have configured an IP address on the interface.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# vrrp number |
Creates a virtual router group. the range is from 1 to 255. |
| Step 4 |
switch(config-if-vrrp)# address ip-address [secondary ] |
Configures the virtual IPv4 address for the specified VRRP group. This address should be in the same subnet as the IPv4 address of the interface. Use the secondary option only if applications require that VRRP routers accept the packets sent to the virtual router's IP address and deliver to applications. |
| Step 5 |
switch(config-if-vrrp)# no shutdown |
Enables the VRRP group. Disabled by default. |
| Step 6 |
switch(config-if-vrrp)# copy running-config startup-config |
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
| Step 7 |
(Optional) switch(config-if-vrrp)# show vrrp |
(Optional)
(Optional) Displays VRRP information. |
The following example enables VRRP:
switch # configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# vrrp 250
switch(config-if-vrrp)# address 192.0.2.8
switch(config-if-vrrp)# no shutdown
switch(config-if-vrrp)# copy running-config startup-config
switch(config-if-vrrp)# show vrrpThe valid priority range for a virtual router is from 1 to 254 (1 is the lowest priority and 254 is the highest). The default priority value for backups is 100. For devices whose interface IP address is the same as the primary virtual IP address (the master), the default value is 255.
If you configure VRRP on a vPC-enabled interface, you can optionally configure the upper and lower threshold values to control when to fail over to the vPC trunk. If the backup router priority falls below the lower threshold, VRRP sends all backup router traffic across the vPC trunk to forward through the master VRRP router. VRRP maintains this scenario until the backup VRRP router priority increases above the upper threshold.
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Ensure that you have configured an IP address on the interface.
You must enable VRRP.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# vrrp number |
Creates a virtual router group. the range is from 1 to 255. |
| Step 4 |
switch(config-if-vrrp)# shutdown |
Disables the VRRP group. Disabled by default. |
| Step 5 |
switch(config-if-vrrp)# priority level [forwarding-threshold lower lower-value upper upper-value] |
Sets the priority level used to select the active router in a VRRP group. The level range is from 1 to 254. The default is 100 for backups and 255 for a master that has an interface IP address equal to the virtual IP address. Optionally, sets the upper and lower threshold values used by vPC to determine when to fail over to the vPC trunk. The lower-value range is from 1 to 255. The default is 1. The upper-value range is from 1 to 255. The default is 255. |
| Step 6 |
switch(config-if-vrrp)# no shutdown |
Enables the VRRP group. Disabled by default. |
| Step 7 |
switch(config-if-vrrp)# copy running-config startup-config |
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
| Step 8 |
(Optional) switch(config-if-vrrp)# show vrrp |
(Optional)
Displays VRRP information. |
The following example enables VRRP:
switch # configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# vrrp 250
switch(config-if)# shutdown
switch(config-if-vrrp)# priority 60 forwarding-threshold lower 40 upper 50
switch(config-if-vrrp)# no shutdown
switch(config)# copy running-config startup-config
switch(config-if-vrrp)# show vrrpYou can configure simple text authentication for a VRRP group.
Ensure that the authentication configuration is identical for all VRRP devices in the network.
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Ensure that you have configured an IP address on the interface. See Configuring IPv4.
You must enable VRRP.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# vrrp number |
Creates a virtual router group. The range is from 1 to 255. |
| Step 4 |
switch(config-if-vrrp)# shutdown |
Disables the VRRP group. Disabled by default. |
| Step 5 |
switch(config-if-vrrp)# authentication text password |
|
| Step 6 |
switch(config-if-vrrp)# no shutdown |
Enables the VRRP group. Disabled by default. |
| Step 7 |
switch(config-if-vrrp)# copy running-config startup-config |
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
| Step 8 |
(Optional) switch(config-if-vrrp)# show vrrp |
(Optional)
Displays VRRP information. |
The following example enables VRRP:
switch # configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# vrrp 250
switch(config-if)# shutdown
switch(config-if-vrrp)# authentication text aPassword
switch(config-if-vrrp)# no shutdown
switch(config)# copy running-config startup-config
switch(config-if-vrrp)# show vrrpYou can configure the time intervals for advertisement packets.
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Ensure that you have configured an IP address on the interface.
You must enable VRRP.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# vrrp number |
Creates a virtual router group. The range is from 1 to 255. |
| Step 4 |
switch(config-if-vrrp)# shutdown |
Disables the VRRP group. Disabled by default. |
| Step 5 |
switch(config-if-vrrp)# advertisement interval seconds |
|
| Step 6 |
switch(config-if-vrrp)# no shutdown |
Enables the VRRP group. Disabled by default. |
| Step 7 |
switch(config-if-vrrp)# copy running-config startup-config |
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
| Step 8 |
(Optional) switch(config-if-vrrp)# show vrrp |
(Optional)
Displays VRRP information. |
The following example enables VRRP:
switch # configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# vrrp 250
switch(config-if)# shutdown
switch(config-if-vrrp)# advertisement-interval 15
switch(config-if-vrrp)# no shutdown
switch(config)# copy running-config startup-config
switch(config-if-vrrp)# show vrrpYou must enable VRRP.
Ensure that you have configured an IP address on the interface.
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# vrrp number |
Creates a virtual router group. The range is from 1 to 255. |
| Step 4 |
switch(config-if-vrrp)# shutdown |
Disables the VRRP group. Disabled by default. |
| Step 5 |
switch(config-if-vrrp)# no preempt |
|
| Step 6 |
switch(config-if-vrrp)# no shutdown |
Enables the VRRP group. Disabled by default. |
| Step 7 |
switch(config-if-vrrp)# copy running-config startup-config |
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
| Step 8 |
(Optional) switch(config-if-vrrp)# show vrrp |
(Optional)
Displays VRRP information. |
The following example enables VRRP:
switch # configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# vrrp 250
switch(config-if)# shutdown
switch(config-if-vrrp)# no preempt
switch(config-if-vrrp)# no shutdown
switch(config)# copy running-config startup-config
switch(config-if-vrrp)# show vrrpInterface state tracking changes the priority of the virtual router based on the state of another interface in the device. When the tracked interface goes down or the IP address is removed, Cisco NX-OS assigns the tracking priority value to the virtual router. When the tracked interface comes up and an IP address is configured on this interface, Cisco NX-OS restores the configured priority to the virtual router.
Note |
For interface state tracking to function, you must enable preemption on the interface. |
Note |
VRRP does not support Layer 2 interface tracking. |
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Ensure that you have configured an IP address on the interface. See Configuring IPv4.
You must enable VRRP.
Ensure that you have enabled the virtual router.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface interface-type slot/port |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# vrrp number |
Creates a virtual router group. The range is from 1 to 255. |
| Step 4 |
switch(config-if-vrrp)# shutdown |
Disables the VRRP group. Disabled by default. |
| Step 5 |
switch(config-if-vrrp)# track interface type number priority value |
|
| Step 6 |
switch(config-if-vrrp)# no shutdown |
Enables the VRRP group. Disabled by default. |
| Step 7 |
switch(config-if-vrrp)# copy running-config startup-config |
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration. |
| Step 8 |
(Optional) switch(config-if-vrrp)# show vrrp |
(Optional)
Displays VRRP information. |
The following example enables VRRP:
switch # configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# vrrp 250
switch(config-if)# shutdown
switch(config-if-vrrp)# track interface ethernet 2/10 priority 254
switch(config-if-vrrp)# no shutdown
switch(config)# copy running-config startup-config
switch(config-if-vrrp)# show vrrpYou must globally enable the VRRPv3 feature before you can configure and enable any VRRPv3 groups.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# feature vrrpv3 |
Enables VRRP version 3 and Virtual Router Redundancy Service (VRRS). The no form of this command disables VRRPv3 and VRRS in a VDC. If VRRPv2 is currently configured, use the no feature vrrp command in global configuration mode to remove the VRRPv2 configuration and then use the feature vrrpv3 command to enable VRRPv3. |
The following example shows how to enable VRRPv3:
switch# configure terminal
switch(config)# enable vrrpv3
You can create a VRRPv3 group, assign the virtual IP address, and enable the group.
Ensure that the VRRPv3 feature is enabled.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Ensure that you configure an IP address on the interface.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface type/number |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# vrrpv3 number address-family [ipv4 | ipv6 ] |
Creates a VRRPv3 group and enters VRRPv3 group configuration mode. The range is from 1 to 255. |
| Step 4 |
switch(config-if-vrrpv3-group)# address ip-address [primary | secondary ] |
(Optional) Specifies a primary or secondary IPv4 or IPv6 address for the VRRPv3 group. To utilize secondary IP addresses in a VRRPv3 group, you must first configure a primary IP address on the same group. |
| Step 5 |
switch(config-if-vrrpv3-group)# description description |
(Optional) Specifies a description for the VRRPv3 group. You can enter up to 80 alphanumeric characters. |
| Step 6 |
switch(config-if-vrrpv3-group)# match-address |
(Optional) Matches the secondary address in the advertisement packet against the configured address. |
| Step 7 |
switch(config-if-vrrpv3-group)# preempt [delay minimum seconds] |
(Optional) Enables preemption of a lower priority master switch with an optional delay. The range is from 0 to 3600. |
| Step 8 |
switch(config-if-vrrpv3-group)# priority level |
(Optional) Specifies the priority of the VRRPv3 group. The range is from 1 to 254. |
| Step 9 |
switch(config-if-vrrpv3-group)# timers advertise interval |
(Optional) Sets the advertisement timer in milliseconds. The range is from 100 to 40950. Cisco recommends that you set this timer to a value greater than or equal to 1 second. |
| Step 10 |
switch(config-if-vrrpv3-group)# vrrp2 |
(Optional) Enables support for VRRPv2 simultaneously, to ensure interoperability with devices that support only VRRPv2. VRRPv2 compatibility mode is provided to allow an upgrade from VRRPv2 to VRRPv3. This is not a full VRRPv2 implementation and should be used only to perform an upgrade. |
| Step 11 |
switch(config-if-vrrpv3-group)# vrrs leader vrrs-leader-name |
(Optional) Specifies a leader’s name to be registered with VRRS. |
| Step 12 |
switch(config-if-vrrpv3-group)# shutdown |
(Optional) Disables VRRP configuration for the VRRPv3 group. |
| Step 13 |
switch(config-if-vrrpv3-group)# show fhrp [interface-type interface-number] [verbose ] |
(Optional) Displays First Hop Redundancy Protocol (FHRP) information. Use the verbose keyword to view detailed information. |
| Step 14 |
switch(config-if-vrrpv3-group)# copy running-config startup-config |
(Optional) Saves this configuration change. |
The following example shows how to create a VRRPv3 group:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# vrrpv3 5 address-family ipv4
switch(config-if)# hsrp version 2
switch(config-if-vrrpv3-group)# address 100.0.1.10 primary
switch(config-if-vrrpv3-group)# description group3
switch(config-if-vrrpv3-group)# match-adress
switch(config-if-vrrpv3-group)# preempt delay minimum 30
switch(config-if-vrrpv3-group)# priority 3
switch(config-if-vrrpv3-group)# timers advertise 1000
switch(config-if-vrrpv3-group)# vrrp2
switch(config-if-vrrpv3-group)# vrrs leader leader1
switch(config-if-vrrpv3-group)# shutdown
switch(config-if-vrrpv3-group)# show fhrp ethernet 1/2 verbose
switch(config-if-vrrpv3-group)# show running-config startup-config| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# fhrp delay {[minimum ] [reload ] seconds} |
Specifies the delay period for the initialization of FHRP clients. The range is from 0 to 3600 seconds. The minimum keyword configures the delay period after an interface beomes available. The reload command configures the delay period after the device reloads. |
| Step 3 |
switch(config)# copy running-config startup-config |
(Optional) Saves this configuration change. |
The following example shows how to configure the delay period for initializing FHRP clients:
switch# configure terminal
switch(config)# fhrp delay minimum 14
Ensure that the VRRPv3 feature is enabled.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Ensure that you configure an IP address on the interface.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface type/number |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# ip address ip address mask [secondary ] |
Configures the IP address on the interface. You can use the secondary keyword to configure additional IP addresses on the interface. |
| Step 4 |
switch(config-if)# vrrpv3 number address-family [ipv4 | ipv6 ] |
Creates a VRRPv3 group and enters VRRPv3 group configuration mode. The range is from 1 to 255. |
| Step 5 |
switch(config-if-vrrpv3-group)# address ip-address [primary | secondary ] |
(Optional) Specifies a primary or secondary IPv4 or IPv6 address for the VRRPv3 group. |
| Step 6 |
switch(config-if-vrrpv3-group)# vrrs leader vrrs-leader-name |
(Optional) Specifies a leader’s name to be registered with VRRS. |
| Step 7 |
switch(config-if-vrrpv3-group)# shutdown |
(Optional) Disables VRRP configuration for the VRRPv3 group. |
| Step 8 |
switch(config-if-vrrpv3-group)# show fhrp [interfice-type interface-number] [verbose ] |
(Optional) Displays First Hop Redundancy Protocol (FHRP) information. Use the verbose keyword to view detailed information |
| Step 9 |
switch(config-if-vrrpv3-group)# copy running-config startup-config |
(Optional) Saves this configuration change. |
The following example shows how to configure a VRRPv3 control group:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 209.165.200.230 255.255.255.224
switch(config-if)# vrrpv3 5 address-family ipv4
switch(cofig-if-vrrpv3-group)# address 209.165.200.227 primary
switch(cofig-if-vrrpv3-group)# vrrs leader leader1
witch(cofig-if-vrrpv3-group)# shutdown
switch(cofig-if-vrrpv3-group)# show fhrp ethernet 1/2 verbose
switch(cofig-if-vrrpv3-group)# show running-config startup-configYou can configure a Virtual Router Redundancy Service (VRRS) pathway. In scaled environments, VRRS pathways should be used in combination with VRRPv3 control groups.
Ensure that the VRRPv3 feature is enabled.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Ensure that you configure an IP address on the interface.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
switch# configure terminal |
Enters global configuration mode. |
| Step 2 |
switch(config)# interface type/number |
Enters interface configuration mode. |
| Step 3 |
switch(config-if)# ip address ip-address mask [secondary ] |
Configures the IP address on the interface. You can use the secondary keyword to configure additional IP addresses on the interface. |
| Step 4 |
switch(config-if)# vrrs pathway vrrs-tag |
Defines the VRRS pathway for a VRRS group and enters VRRS pathway configuration mode. The vrrs-tag argument specifies the name of the VRRS tag that is being associated with the pathway. |
| Step 5 |
switch(configif-vrrs-pw)# mac address {mac-address | inherit } |
Specifies a MAC address for the pathway. The inherit keyword causes the pathway to inherit the virtual MAC address of the VRRPv3 group with which the pathway is associated. |
| Step 6 |
switch(configif-vrrs-pw)# address ip-address |
Defines the virtual IPv4 or IPv6 address for a pathway. A VRRPv3 group is capable of controlling more than one pathway. |
| Step 7 |
switch(configif-vrrs-pw)# show vrrs pathway interface-type interface-number |
(Optional) Displays the VRRS pathway information for different pathway states, such as active, inactive, and not ready. |
| Step 8 |
switch(config-if-vrrs-pw)# copy running-config startup-config |
(Optional) Saves this configuration change. |
The following example shows how to configure VRRS pathways:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 209.165.200.230 255.255.255.224
switch(config-if)# vrrs pathway path1
switch(config-if-vrrs-pw)# mac address fe24.fe24.fe24
switch(config-if-vrrs-pw)# address 209.165.201.10
switch(config-if-vrrs-pw)# show vrrs pathway ethernet 1/2
switch(config-if-vrrs-pw)# show running-config startup-configUse one of the following commands to verify the configuration:
|
Command |
Purpose |
|---|---|
| show vrrp |
Displays the VRRP status for all groups. |
| show vrrp vr group-number |
Displays the VRRP status for a VRRP group. |
| show vrrs client [client-name] |
Displays the VRRS client information. |
| show vrrs pathway [interface type/number] |
Displays the VRRS pathway information for different pathway states, such as active, inactive, and not ready. |
| show vrrs server |
Displays the VRRS server information. |
| show vrrs tag [tag-name] |
Displays the VRRS tag information. |
| show fhrp [interface-type interface-name] [verbose ] |
Displays First Hop Redundancy Protocol (FHRP) information. |
| show interface interface-type |
Displays the virtual router configuration for an interface. |
Use one of the following commands to display statistics about the feature:
|
Command |
Purpose |
|---|---|
| show vrrp statistics |
Displays the VRRP statistics. |
Use the clear vrrp vr command to clear the IPv4 VRRP statistics for the specified interface.
Use the clear vrrp statistics command to clear all the VRRP statistics for all interfaces in the device.
Use the clear vrrp ipv4 command to clear all the statistics for the specified IPv4 virtual router.
Virtual IP address is 10.1.0.10.
Router A will become the master for this group with priority 120.
Advertising interval is 3 seconds.
Preemption is enabled.
Group 5:
Router B will become the master for this group with priority 200.
Advertising interval is 30 seconds.
Preemption is enabled.
Router A will become the master for this group first because it has a higher IP address (10.1.0.2).
Advertising interval is the default 1 second.
Preemption is disabled.
switch (config)# interface ethernet 1/0
switch (config-if)# ip address 10.1.0.2/16
switch (config-if)# no shutdown
switch (config-if)# vrrp 1
switch (config-if-vrrp)# priority 120
switch (config-if-vrrp)# authentication text cisco
switch (config-if-vrrp)# advertisement-interval 3
switch (config-if-vrrp)# address 10.1.0.10
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 5
switch (config-if-vrrp)# priority 100
switch (config-if-vrrp)# advertisement-interval 30
switch (config-if-vrrp)# address 10.1.0.50
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 100
switch (config-if-vrrp)# no preempt
switch (config-if-vrrp)# address 10.1.0.100
switch (config-if-vrrp)# no shutdownswitch (config)# interface ethernet 1/0
switch (config-if)# ip address 10.2.0.1/2
witch (config-if)# no shutdown
switch (config-if)# vrrp 1
switch (config-if-vrrp)# priority 100
switch (config-if-vrrp)# authentication text cisco
switch (config-if-vrrp)# advertisement-interval 3
switch (config-if-vrrp)# address 10.2.0.10
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 5
switch (config-if-vrrp)# priority 200
switch (config-if-vrrp)# advertisement-interval 30
switch (config-if-vrrp)# address 10.2.0.50
switch (config-if-vrrp)# no shutdown
switch (config-if-vrrp)# exit
switch (config-if)# vrrp 100
switch (config-if-vrrp)# no preempt
switch (config-if-vrrp)# address 10.2.0.100
switch (config-if-vrrp)# no shutdown
This example shows how to enable VRRPv3 and create and customize a VRRPv3 group:
switch# configure terminal
switch(config)# feature vrrp
switch(config)# interface ethernet 4/6
switch (config-if)# vrrpv3 5 address-family ipv4
switch (config-if-vrrp3-group)# address 209.165.200.225 primary
switch (config-if-vrrp3-group)# description group3
switch (config-if-vrrp3-group)# match-address
switch (config-if-vrrp3-group)# preempt delay minimum 30
|
Related Topic |
Document Title |
|---|---|
|
Configuring the gateway load balancing protocol |
Configuring GLBP |
|
Configuring the hot standby routing protocol |
Configuring HSRP |
|
VRRP CLI commands |
Cisco Nexus 7000 Series Unicast Routing Command Reference |
|
Configuring high availability |
Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide |
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
VRRPv3 and VRRS |
6.2(2) |
These features were introduced. |
|
BFD for VRRP |
5.2(1) |
Added support for BFD. |
|
VRRP priority thresholds |
4.2(1) |
Added support for priority thresholds and vPC. |
|
VRRP object tracking |
4.2(1) |
Added support for tracking multiple object types in VRRP. |
|
VRRP |
4.0(1) |
This feature was introduced. |
Feedback