VRRPv3 Protocol Support

VRRPv3 Protocol Support

Virtual Router Redundancy Protocol (VRRP) enables a group of devices to form a single virtual device to provide redundancy. The LAN clients can then be configured with the virtual device as their default gateway. The virtual device, representing a group of devices, is also known as a VRRP group. The VRRP version 3 (v3) Protocol Support feature provides the capability to support IPv4 and IPv6 addresses while VRRP version 2 (v2) only supports IPv4 addresses. This module explains concepts related to VRRPv3 and describes how to create and customize a VRRP group in a network. Benefits of using VRRPv3 Protocol Support include the following:
  • Interoperability in multi-vendor environments.

  • VRRPv3 supports usage of IPv4 and IPv6 addresses while VRRPv2 only supports IPv4 addresses

  • Improved scalability through the use of VRRS Pathways.


Note

In this module, VRRP and VRRPv3 are used interchangeably.


Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for VRRPv3 Protocol Support

  • VRRPv3 is not intended as a replacement for existing dynamic protocols. VRRPv3 is designed for use over multi-access, multicast, or broadcast capable Ethernet LANs.

  • VRRPv3 is supported on Ethernet, Fast Ethernet, Bridge Group Virtual Interface (BVI), and Gigabit Ethernet interfaces, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs), VRF-aware MPLS VPNs, and VLANs.

  • Because of the forwarding delay that is associated with the initialization of a BVI interface, you must not configure the VRRPv3 advertise timer to a value lesser than the forwarding delay on the BVI interface. If you configure the VRRPv3 advertise timer to a value equal to or greater than the forwarding delay on the BVI interface, the setting prevents a VRRP device on a recently initialized BVI interface from unconditionally taking over the master role. Use the bridge forward-time command to set the forwarding delay on the BVI interface. Use the vrrp timers advertise command to set the VRRP advertisement timer.

  • VRRPv3 does not support Stateful Switchover (SSO).

  • Full network redundancy can only be achieved if VRRP operates over the same network path as the VRRS Pathway redundant interfaces. For full redundancy, the following restrictions apply:
    • VRRS pathways should not share a different physical interface as the parent VRRP group or be configured on a sub-interface having a different physical interface as the parent VRRP group.
    • VRRS pathways should not be configured on Switch Virtual Interface (SVI) interfaces as long as the associated VLAN does not share the same trunk as the VLAN on which the parent VRRP group is configured.

Information About VRRPv3 Protocol Support

VRRPv3 Benefits

Support for IPv4 and IPv6
VRRPv3 supports IPv4 and IPv6 address families while VRRPv2 only supports IPv4 addresses.

Note

When VRRPv3 is in use, VRRPv2 is unavailable. For VRRPv3 to be configurable, the fhrp version vrrp v3 command must be used in global configuration mode


Redundancy

VRRP enables you to configure multiple devices as the default gateway device, which reduces the possibility of a single point of failure in a network.

Load Sharing

You can configure VRRP in such a way that traffic to and from LAN clients can be shared by multiple devices, thereby sharing the traffic load more equitably between available devices.

Multiple Virtual Devices

VRRP supports up to 255 virtual devices (VRRP groups) on a device physical interface, subject to restrictions in scaling. Multiple virtual device support enables you to implement redundancy and load sharing in your LAN topology. In scaled environments, VRRS Pathways should be used in combination with VRRP control groups.

Multiple IP Addresses
The virtual device can manage multiple IP addresses, including secondary IP addresses. Therefore, if you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.

Note

To utilize secondary IP addresses in a VRRP group, a primary address must be configured on the same group.


Preemption
The redundancy scheme of VRRP enables you to preempt a virtual device backup that has taken over for a failing virtual device master with a higher priority virtual device backup that has become available.

Note

Preemption of a lower priority master device is enabled with an optional delay.


Advertisement Protocol

VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address for VRRP advertisements. For IPv4, the multicast address is 224.0.0.18. For IPv6, the multicast address is FF02:0:0:0:0:0:0:12. This addressing scheme minimizes the number of devices that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA has assigned VRRP the IP protocol number 112.

VRRP Device Priority and Preemption

An important aspect of the VRRP redundancy scheme is VRRP device priority. Priority determines the role that each VRRP device plays and what happens if the virtual device master fails.

If a VRRP device owns the IP address of the virtual device and the IP address of the physical interface, this device will function as a virtual device master.

Priority also determines if a VRRP device functions as a virtual device backup and the order of ascendancy to becoming a virtual device master if the virtual device master fails. You can configure the priority of each virtual device backup with a value of 1 through 254 using the priority command (use the vrrp address-family command to enter the VRRP configuration mode and access the priority option).

For example, if device A, the virtual device master in a LAN topology, fails, an election process takes place to determine if virtual device backups B or C should take over. If devices B and C are configured with the priorities of 101 and 100, respectively, device B is elected to become virtual device master because it has the higher priority. If devices B and C are both configured with the priority of 100, the virtual device backup with the higher IP address is elected to become the virtual device master.

By default, a preemptive scheme is enabled whereby a higher priority virtual device backup that becomes available takes over from the virtual device backup that was elected to become virtual device master. You can disable this preemptive scheme using the no preempt command (use the vrrp address-family command to enter the VRRP configuration mode, and enter the no preempt command). If preemption is disabled, the virtual device backup that is elected to become virtual device master remains the master until the original virtual device master recovers and becomes master again.


Note

Preemption of a lower priority master device is enabled with an optional delay.


VRRP Advertisements

The virtual device master sends VRRP advertisements to other VRRP devices in the same group. The advertisements communicate the priority and state of the virtual device master. The VRRP advertisements are encapsulated into either IPv4 or IPv6 packets (based on the VRRP group configuration) and sent to the appropriate multicast address assigned to the VRRP group. For IPv4, the multicast address is 224.0.0.18. For IPv6, the multicast address is FF02:0:0:0:0:0:0:12. The advertisements are sent every second by default and the interval is configurable.

Cisco devices allow you to configure millisecond timers, which is a change from VRRPv2. You need to manually configure the millisecond timer values on both the primary and the backup devices. The master advertisement value displayed in the show vrrp command output on the backup devices is always 1 second because the packets on the backup devices do not accept millisecond values.

You must use millisecond timers where absolutely necessary and with careful consideration and testing. Millisecond values work only under favorable circumstances. The use of the millisecond timer values is compatible with third party vendors, as long as they also support VRRPv3. You can specify a timer value between 100 milliseconds and 40000 milliseconds.

Information About VRRPv3 Protocol Support

VRRPv3 Benefits

Support for IPv4 and IPv6
VRRPv3 supports IPv4 and IPv6 address families while VRRPv2 only supports IPv4 addresses.

Note

When VRRPv3 is in use, VRRPv2 is unavailable. For VRRPv3 to be configurable, the fhrp version vrrp v3 command must be used in global configuration mode


Redundancy

VRRP enables you to configure multiple devices as the default gateway device, which reduces the possibility of a single point of failure in a network.

Load Sharing

You can configure VRRP in such a way that traffic to and from LAN clients can be shared by multiple devices, thereby sharing the traffic load more equitably between available devices.

Multiple Virtual Devices

VRRP supports up to 255 virtual devices (VRRP groups) on a device physical interface, subject to restrictions in scaling. Multiple virtual device support enables you to implement redundancy and load sharing in your LAN topology. In scaled environments, VRRS Pathways should be used in combination with VRRP control groups.

Multiple IP Addresses
The virtual device can manage multiple IP addresses, including secondary IP addresses. Therefore, if you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.

Note

To utilize secondary IP addresses in a VRRP group, a primary address must be configured on the same group.


Preemption
The redundancy scheme of VRRP enables you to preempt a virtual device backup that has taken over for a failing virtual device master with a higher priority virtual device backup that has become available.

Note

Preemption of a lower priority master device is enabled with an optional delay.


Advertisement Protocol

VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address for VRRP advertisements. For IPv4, the multicast address is 224.0.0.18. For IPv6, the multicast address is FF02:0:0:0:0:0:0:12. This addressing scheme minimizes the number of devices that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA has assigned VRRP the IP protocol number 112.

VRRP Device Priority and Preemption

An important aspect of the VRRP redundancy scheme is VRRP device priority. Priority determines the role that each VRRP device plays and what happens if the virtual device master fails.

If a VRRP device owns the IP address of the virtual device and the IP address of the physical interface, this device will function as a virtual device master.

Priority also determines if a VRRP device functions as a virtual device backup and the order of ascendancy to becoming a virtual device master if the virtual device master fails. You can configure the priority of each virtual device backup with a value of 1 through 254 using the priority command (use the vrrp address-family command to enter the VRRP configuration mode and access the priority option).

For example, if device A, the virtual device master in a LAN topology, fails, an election process takes place to determine if virtual device backups B or C should take over. If devices B and C are configured with the priorities of 101 and 100, respectively, device B is elected to become virtual device master because it has the higher priority. If devices B and C are both configured with the priority of 100, the virtual device backup with the higher IP address is elected to become the virtual device master.

By default, a preemptive scheme is enabled whereby a higher priority virtual device backup that becomes available takes over from the virtual device backup that was elected to become virtual device master. You can disable this preemptive scheme using the no preempt command (use the vrrp address-family command to enter the VRRP configuration mode, and enter the no preempt command). If preemption is disabled, the virtual device backup that is elected to become virtual device master remains the master until the original virtual device master recovers and becomes master again.


Note

Preemption of a lower priority master device is enabled with an optional delay.


VRRP Advertisements

The virtual device master sends VRRP advertisements to other VRRP devices in the same group. The advertisements communicate the priority and state of the virtual device master. The VRRP advertisements are encapsulated into either IPv4 or IPv6 packets (based on the VRRP group configuration) and sent to the appropriate multicast address assigned to the VRRP group. For IPv4, the multicast address is 224.0.0.18. For IPv6, the multicast address is FF02:0:0:0:0:0:0:12. The advertisements are sent every second by default and the interval is configurable.

Cisco devices allow you to configure millisecond timers, which is a change from VRRPv2. You need to manually configure the millisecond timer values on both the primary and the backup devices. The master advertisement value displayed in the show vrrp command output on the backup devices is always 1 second because the packets on the backup devices do not accept millisecond values.

You must use millisecond timers where absolutely necessary and with careful consideration and testing. Millisecond values work only under favorable circumstances. The use of the millisecond timer values is compatible with third party vendors, as long as they also support VRRPv3. You can specify a timer value between 100 milliseconds and 40000 milliseconds.

How to Configure VRRPv3 Protocol Support

Enabling and Verifying GLBP

Perform this task to enable GLBP on an interface and verify its configuration and operation. GLBP is designed to be easy to configure. Each gateway in a GLBP group must be configured with the same group number, and at least one gateway in the GLBP group must be configured with the virtual IP address to be used by the group. All other required parameters can be learned.

Before you begin

If VLANs are in use on an interface, the GLBP group number must be different for each VLAN.

Procedure
  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

interface type number

Example:

Device(config)# interface GigabitEthernet 1/0/1

Specifies an interface type and number, and enters interface configuration mode.

Step 4

ip address ip-address mask [secondary]

Example:

Device(config-if)# ip address 10.21.8.32 255.255.255.0

Specifies a primary or secondary IP address for an interface.

Step 5

glbp group ip [ip-address [secondary]]

Example:

Device(config-if)# glbp 10 ip 10.21.8.10

Enables GLBP on an interface and identifies the primary IP address of the virtual gateway.

  • After you identify a primary IP address, you can use the glbp group ip command again with the secondary keyword to indicate additional IP addresses supported by this group.

Step 6

end

Example:

Device(config-if)# end

Exits interface configuration mode, and returns the device to privileged EXEC mode.

Step 7

show glbp [interface-type interface-number] [group] [state] [brief]

Example:

Device(config)# show glbp GigabitEthernet 1/0/1 10

(Optional) Displays information about GLBP groups on a device.

  • Use the optional brief keyword to display a single line of information about each virtual gateway or virtual forwarder.

Example

In the following example, sample output is displayed about the status of the GLBP group, named 10, on the device:


Device# show glbp GigabitEthernet 1/0/1 10
GigabitEthernet1/0/1 - Group 10
  State is Active
    1 state change, last state change 00:04:52
  Virtual IP address is 10.21.8.10
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.608 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Preemption disabled
  Active is local
  Standby is unknown
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    ac7e.8a35.6364 (10.21.8.32) local
  There is 1 forwarder (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:04:41
    MAC address is 0007.b400.0a01 (default)
    Owner ID is ac7e.8a35.6364
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100

Creating and Customizing a VRRP Group

To create a VRRP group, perform the following task. Steps 6 to 14 denote customizing options for the group, and they are optional:

Procedure
  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

fhrp version vrrp v3

Example:

Device(config)# fhrp version vrrp v3

Enables the ability to configure VRRPv3 and VRRS.

Note 

When VRRPv3 is in use, VRRPv2 is unavailable.

The command fhrp version vrrp v2 is not supported though it is configurable.

Step 4

interface type number

Example:

Device(config)# interface GigabitEthernet 0/0/0 

Enters interface configuration mode.

Step 5

vrrp group-id address-family {ipv4 | ipv6}

Example:

Device(config-if)# vrrp 3 address-family ipv4 

Creates a VRRP group and enters VRRP configuration mode.

Step 6

address ip-address [primary | secondary]

Example:

Device(config-if-vrrp)# address 100.0.1.10 primary 

Specifies a primary or secondary address for the VRRP group.

Note 
VRRPv3 for IPv6 requires that a primary virtual link-local IPv6 address is configured to allow the group to operate. After the primary link-local IPv6 address is established on the group, you can add the secondary global addresses.
Step 7

description group-description

Example:

Device(config-if-vrrp)# description group 3 

(Optional) Specifies a description for the VRRP group.

Step 8

match-address

Example:

Device(config-if-vrrp)# match-address 

(Optional) Matches secondary address in the advertisement packet against the configured address.

  • Secondary address matching is enabled by default.

Step 9

preempt delay minimum seconds

Example:

Device(config-if-vrrp)# preempt delay minimum 30 

(Optional) Enables preemption of lower priority master device with an optional delay.

  • Preemption is enabled by default.

Step 10

priority priority-level

Example:

Device(config-if-vrrp)# priority 3 

(Optional) Specifies the priority value of the VRRP group.

  • The priority of a VRRP group is 100 by default.

Step 11

timers advertise interval

Example:

Device(config-if-vrrp)# timers advertise 1000 

(Optional) Sets the advertisement timer in milliseconds.

  • The advertisement timer is set to 1000 milliseconds by default.

Step 12

vrrpv2

Example:

Device(config-if-vrrp)# vrrpv2 

(Optional) Enables support for VRRPv2 configured devices in compatibility mode.

  • VRRPv2 is not supported.

Step 13

vrrs leader vrrs-leader-name

Example:

Device(config-if-vrrp)# vrrs leader leader-1 

(Optional) Specifies a leader's name to be registered with VRRS and to be used by followers.

  • A registered VRRS name is unavailable by default.

Step 14

shutdown

Example:

Device(config-if-vrrp)# shutdown 

(Optional) Disables VRRP configuration for the VRRP group.

  • VRRP configuration is enabled for a VRRP group by default.

Step 15

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Configuring the Delay Period Before FHRP Client Initialization

To configure the delay period before the initialization of all FHRP clients on an interface, perform the following task:

Procedure
  Command or Action Purpose
Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

fhrp version vrrp v3

Example:

Device(config)# fhrp version vrrp v3

Enables the ability to configure VRRPv3 and VRRS.

Note 

When VRRPv3 is in use, VRRPv2 is unavailable.

Step 4

interface type number

Example:

Device(config)# interface GigabitEthernet 0/0/0 

Enters interface configuration mode.

Step 5

fhrp delay {[minimum] [reload] seconds}

Example:

Device(config-if)# fhrp delay minimum 5 

Specifies the delay period for the initialization of FHRP clients after an interface comes up.

  • The range is 0-3600 seconds.

Step 6

end

Example:

Device(config)# end

Returns to privileged EXEC mode.

Configuration Examples for VRRPv3 Protocol Support

Example: Enabling VRRPv3 on a Device

The following example shows how to enable VRRPv3 on a device:

Device> enable
Device# configure terminal
Device(config)# fhrp version vrrp v3
Device(config-if-vrrp)# end
      

Example: Creating and Customizing a VRRP Group

The following example shows how to create and customize a VRRP group:

Device> enable
Device# configure terminal
Device(config)# fhrp version vrrp v3
Device(config)# interface GigabitEthernet 1/0/1
Device(config-if)# vrrp 3 address-family ipv4
Device(config-if-vrrp)# address 100.0.1.10 primary
Device(config-if-vrrp)# description group 3
Device(config-if-vrrp)# match-address  
Device(config-if-vrrp)# preempt delay minimum 30
Device(config-if-vrrp)# end
      

Note

In the above example, the fhrp version vrrp v3 command is used in the global configuration mode.


Example: Configuring the Delay Period Before FHRP Client Initialization

The following example shows how to configure the delay period before FHRP client initialization :

Device> enable
Device# configure terminal
Device(config)# fhrp version vrrp v3
Device(config)# interface GigabitEthernet 1/0/1
Device(config-if)# fhrp delay minimum 5
Device(config-if-vrrp)# end
      

Note

In the above example, a five-second delay period is specified for the initialization of FHRP clients after the interface comes up. You can specify a delay period between 0 and 3600 seconds.


Example: VRRP Status, Configuration, and Statistics Details

The following is a sample output of the status, configuration and statistics details for a VRRP group:

Device> enable
Device# show vrrp detail

 GigabitEthernet1/0/1 - Group 3 - Address-Family IPv4
  Description is "group 3"
  State is MASTER
  State duration 53.901 secs
  Virtual IP address is 100.0.1.10
  Virtual MAC address is 0000.5E00.0103
  Advertisement interval is 1000 msec
  Preemption enabled, delay min 30 secs (0 msec remaining)
  Priority is 100
  Master Router is 10.21.0.1 (local), priority is 100
  Master Advertisement interval is 1000 msec (expires in 832 msec)
  Master Down interval is unknown
  VRRPv3 Advertisements: sent 61 (errors 0) - rcvd 0
  VRRPv2 Advertisements: sent 0 (errors 0) - rcvd 0
  Group Discarded Packets: 0
    VRRPv2 incompatibility: 0
    IP Address Owner conflicts: 0
    Invalid address count: 0
    IP address configuration mismatch : 0
    Invalid Advert Interval: 0
    Adverts received in Init state: 0
    Invalid group other reason: 0
  Group State transition:
    Init to master: 0
    Init to backup: 1 (Last change Sun Mar 13 19:52:56.874)
    Backup to master: 1 (Last change Sun Mar 13 19:53:00.484)
    Master to backup: 0
    Master to init: 0
    Backup to init: 0

Device# exit
      

Additional References

Related Documents

Related Topic

Document Title

Cisco IOS commands

Master Commands List, All Releases

FHRP commands

First Hop Redundancy Protocols Command Reference

Configuring VRRPv2

Configuring VRRP

Standards and RFCs

Standard/RFC

Title

RFC5798

Virtual Router Redundancy Protocol

Technical Assistance

Description

Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html

Feature Information for VRRPv3 Protocol Support

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1. Feature Information for VRRPv3 Protocol Support

Feature Name

Releases

Feature Information

VRRPv3 Protocol Support

Cisco IOS XE 3.6E

VRRP enables a group of devices to form a single virtual device to provide redundancy. The LAN clients can then be configured with the virtual device as their default gateway. The virtual device, representing a group of devices, is also known as a VRRP group. The VRRPv3 Protocol Support feature provides the capability to support IPv4 and IPv6 addresses.

In Cisco IOS Release Cisco IOS XE Release 3.6E, this feature is supported on the following platforms:

The following commands were introduced or modified: fhrp delay , show vrrp , vrrp address-family .

Glossary

Virtual IP address owner —The VRRP device that owns the IP address of the virtual device. The owner is the device that has the virtual device address as its physical interface address.

Virtual device —One or more VRRP devices that form a group. The virtual device acts as the default gateway device for LAN clients. The virtual device is also known as a VRRP group.

Virtual device backup —One or more VRRP devices that are available to assume the role of forwarding packets if the virtual device master fails.

Virtual device master —The VRRP device that is currently responsible for forwarding packets sent to the IP addresses of the virtual device. Usually, the virtual device master also functions as the IP address owner.

VRRP device —A device that is running VRRP.