VRRPv3 Protocol Support

VRRPv3 protocol

Virtual Router Redundancy Protocol version 3 (VRRPv3) is a network protocol that

  • provides redundancy for default gateway devices

  • supports IPv4 and IPv6 address families, and

  • enables load sharing among multiple devices.

The VRRPv3 protocol comprises several key components to provide network redundancy and load balancing.

  • VRRP advertisements: Enable communication between VRRP devices to maintain network state.

  • VRRP groups: Organize multiple devices into redundancy sets.

  • VRRP device priority and preemption: Determine which device serves as the primary gateway and when role transitions occur.

  • VRRP preemption: Enables automatic takeover when a higher-priority device becomes available.

VRRP device priority and preemption

VRRP device priority and preemption is a category of the VRRP redundancy that:

  • determines the role each VRRP device plays,

  • dictates the behavior upon a primary virtual device failure, and

  • enables a higher-priority device to take over from a lower-priority device.

If a VRRP device owns the IP address of the virtual device and the IP address of the physical interface, this device functions as a primary virtual device. Priority also determines if a VRRP device functions as a virtual device backup and the order of ascendancy to becoming a primary virtual device if the primary virtual device fails. You can configure the priority of each virtual device backup with a value of 1 through 254 using the priority command.

By default, a preemptive scheme is enabled whereby a higher priority virtual device backup that becomes available takes over from the virtual device backup that was elected to become primary virtual device. You can disable this preemptive scheme using the no preempt command. If preemption is disabled, the virtual device backup that is elected to become primary virtual device remains the primary until the original primary virtual device recovers and becomes primary again.


Note

Preemption of a lower priority primary device is enabled with an optional delay.

VRRP device election based on priority

For example, if device A, the primary virtual device in a LAN topology, fails, an election process takes place to determine if virtual device backups B or C should take over.

  • If devices B and C are configured with the priorities of 101 and 100, respectively, device B is elected to become primary virtual device because it has the higher priority.

  • If devices B and C are both configured with the priority of 100, the virtual device backup with the higher IP address is elected to become the primary virtual device.

VRRP advertisements

VRRP advertisements are messages sent by the primary virtual device that:

  • communicate the priority and state of the primary virtual device,

  • are encapsulated into either IPv4 or IPv6 packets, and

  • are sent to the appropriate multicast address assigned to the VRRP group.

For IPv4, the multicast address is 224.0.0.18. For IPv6, the multicast address is FF02:0:0:0:0:0:0:12. The advertisements are sent every second by default and the interval is configurable.

VRRPv3 protocol restrictions

VRRPv3 is not intended as a replacement for existing dynamic protocols. VRRPv3 is designed for use over multi-access, multicast, or broadcast capable Ethernet LANs.

Enable VRRPv3 on a device

To activate VRRPv3 functionality on the device.

Perform these steps to enable VRRPv3 on a device.

Procedure

Step 1

Use the enable command to enter privileged EXEC mode.

Example:

Switch> enable

Step 2

Use the configure terminal command to enter global configuration mode.

Example:

Switch# configure terminal

Step 3

Use the fhrp version vrrp v3 command to configure VRRPv3 and VRRS.

Example:

Switch(config)# fhrp version vrrp v3

Step 4

Use the end command to return privileged EXEC mode.

Example:

Switch(config-if-vrrp)# end

Create and customize a VRRP group

You can establish a VRRP group and configure its operational parameters.

VRRP groups enable redundancy and load sharing for network devices.

Before you begin

Ensure VRRPv3 is enabled on the device

Procedure

Step 1

VRRP Group Creation

  1. Use the enable command to enter privileged EXEC mode.

    Example:

    Switch> enable

  2. Use the configure terminal command to enter global configuration mode.

    Example:

    Switch# configure terminal

  3. Use the fhrp version vrrp v3 command to enable the ability to configure VRRPv3 and VRRS.

    Example:

    Switch(config)# fhrp version vrrp v3

  4. Use the interface command to enter interface configuration mode.

    Example:

    Switch(config)# interface GigabitEthernet 1/0/1

  5. Use the vrrp group-id address-family {ipv4 | ipv6} command to create a VRRP group and enter VRRP configuration mode.

    Example:

    Switch(config-if)# vrrp 3 address-family ipv4

Step 2

VRRP group customization

  1. (Optional) Use the address ip-address [primary | secondary] command to specify a primary or secondary address for the VRRP group.

    Example:

    Switch(config-if-vrrp)# address 100.0.1.10 primary

    Note

     

    VRRPv3 for IPv6 requires that a primary virtual link-local IPv6 address is configured to allow the group to operate. After the primary link-local IPv6 address is established on the group, you can add the secondary global addresses.

  2. (Optional) Use the description group command to specify a description for the VRRP group.

    Example:

    Switch(config-if-vrrp)# description group 3

  3. (Optional) Use the match-address command to match secondary addresses in the advertisement packet against the configured address.

    Example:

    Switch(config-if-vrrp)# match-address

    Note

     

    Secondary address matching is enabled by default.

  4. (Optional) Use the preempt delay minimum command to enable preemption of lower priority primary Switch with an optional delay.

    Example:

    Switch(config-if-vrrp)# preempt delay minimum 30

    Note

     

    Preemption is enabled by default.

  5. (Optional) Use the priority command to specify the priority value of the VRRP group.

    Example:

    Switch(config-if-vrrp)# priority 3

    Note

     

    The priority of a VRRP group is 100 by default.

  6. (Optional) Use the timers advertise command to set the advertisement timer in milliseconds.

    Example:

    Switch(config-if-vrrp)# timers advertise 1000

    Note

     

    The advertisement timer is set to 1000 milliseconds by default.

Step 3

Operational VRRP settings

  1. (Optional) Use the vrrpv2 command to enable support for VRRPv2 configured Switches in compatibility mode.

    Example:

    Switch(config-if-vrrp)# vrrpv2

  2. (Optional) Use the vrrs leader command to specify a leader's name to be registered with VRRS and to be used by followers.

    Example:

    Switch(config-if-vrrp)# vrrs leader leader-1

    Note

     

    A registered VRRS name is unavailable by default.

  3. (Optional) Use the shutdown command to disable VRRP configuration for the VRRP group.

    Example:

    Switch(config-if-vrrp)# shutdown

    Note

     

    VRRP configuration is enabled for a VRRP group by default.

  4. (Optional) Use the end command to return to privileged EXEC mode.

    Example:

    Switch(config)# end

A VRRP group is created and configured according to specified parameters.

Configure the delay period before FHRP client initialization

You can set a delay before FHRP clients initialize on an interface.

This delay helps ensure network stability after an interface comes up.

Before you begin

Ensure VRRPv3 is enabled on the device.

Procedure

Step 1

Use the enable command to enter privileged EXEC mode.

Example:

Switch> enable

Step 2

Use the configure terminal command to enter global configuration mode.

Example:

Switch# configure terminal

Step 3

Use the fhrp version vrrp v3 command to configure VRRPv3 and VRRS.

Example:

Switch(config)# fhrp version vrrp v3

Step 4

Use the interface command to enter interface configuration mode.

Example:

Switch(config)# interface GigabitEthernet 1/0/1

Step 5

Use the fhrp delay {[minimum] [reload] seconds} command to specify the delay period for the initialization of FHRP clients after an interface comes up. The range is 0-3600 seconds.

Example:

Switch(config-if)# fhrp delay minimum 5

Step 6

Use the end command to return privileged EXEC mode.

Example:

Switch(config-if-vrrp)# end

VRRPv3 statistics details

You can view the status, configuration, and statistics details for a VRRP group using the show vrrp detail command. 

Switch# show vrrp detail

GigabitEthernet1/0/1- Group 3 - Address-Family IPv4

Description is "group 3" State is MASTER State duration 53.901 secs Virtual 
IP address is 100.0.1.10 Virtual MAC address is 0000.5E00.0103 
Advertisement interval is 1000 msec Preemption enabled, delay min 30 secs (0 msec remaining) 
Priority is 100 Master Router is 10.21.0.1 (local), 
priority is 100 Master Advertisement interval is 1000 msec (expires in 832 msec) 
VRRPv3 Advertisements: sent 61 (errors 0) - rcvd 0 VRRPv2 Advertisements: sent 0 (errors 0) - rcvd 0

VRRPv3 benefits

  • Network redundancy: Configures multiple devices as default gateways, eliminating single points of failure in a network.

  • Traffic load sharing: Distributes traffic from LAN clients across multiple devices for equitable load distribution.

  • Multiple virtual devices: It supports up to 255 virtual devices (VRRP groups) per physical interface, enabling extensive redundancy and load sharing in your LAN topology. In scaled environments, VRRS Pathways should be used in combination with VRRP control groups.

  • Multiple IP address management: It manages multiple IP addresses, including secondary addresses, allowing VRRP configuration on each subnet.


    Note

    To utilize secondary IP addresses in a VRRP group, a primary address must be configured on the same group.

  • Device preemption: It allows a higher-priority backup device to take over as primary from a lower-priority device.


    Note

    Preemption of a lower priority primary device is enabled with an optional delay.

  • Standard advertisement protocol: It uses dedicated IANA standard multicast addresses (224.0.0.18 for IPv4, FF02:0:0:0:0:0:0:12 for IPv6) for advertisements, minimizing network overhead and enabling accurate identification of VRRP packets. The IANA has assigned VRRP the IP protocol number 112.