- Virtual Router Redundancy Protocol Version 3 for IPv4 and IPv6 (VRRPv3) specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN
- The VRRP router controlling addresses associated with a virtual router is the Master, and it forwards packets sent to these addresses
- VRRP Backup routers assume forwarding responsibility for a virtual router should the current VRRP Master router fail
- Virtual Router support for IPv6 addresses
- For more on this, see RFC 5798 (VRRP Version 3 for IPv4 and IPv6)
ISC (Inter-Switch Connection)
- The ISC VLAN is a user-created point-to-point VLAN that carries MLAG control traffic between two MLAG peers
- This VLAN should be created on both MLAG peers and added to both sides of the port/LAG that directly connects them
- This VLAN should not carry any other traffic and should not be added to any other ports/LAGs
- The ISC must be a direct connection between two peers, intermediate switches may disrupt operation
- (Best Practice) Use a /30 subnet for this VLAN for efficiency
- (Best Practice) Use an LACP LAG for the ISC connection
Step 0. Create an ISC VLAN on both switches
0-1. Cs1
0-1. Cs1
create vlan isc
configure vlan isc tag 2
configure vlan isc add ports 69 tagged
configure vlan isc ipaddress 172.31.31.2 255.255.255.252
0-2. Cs2
create vlan isc
configure vlan isc tag 2
configure vlan isc add ports 69 tagged
configure vlan isc ipaddress 172.31.31.1 255.255.255.252
This ISC VLAN can be used for MLAG and VRRP.
* Best Practice: Set up the ISC connection with more than two ports as an LACP LAG.
enable sharing 69 grouping 69-70 algorithm address-based L3_L4 lacp
Step 1. Create a VLAN on MLAG peers and add ports to ISC link
create vlan vlan10 tag 10configure vlan vlan10 add ports 69 tagged
Step 2. Add an IP address to the VRRP VLAN on each MLAG Peers
configure vlan vlan10 ipaddress 192.0.2.2/24configure vlan vlan10 ipaddress 192.0.2.3/24
Step 3. Create a VRRP router instance on MLAG peers
create vrrp vlan vlan10 vrid 1Step 4. Add VIP to VRRP instance on each MLAG Peer
configure vrrp vlan vlan10 vrid 1 add 192.0.2.1Step 5. Configure a priority value on Master VRRP switch
configure vrrp vlan vlan10 vrid 1 priority 200The default priority is 100. Therefore, priority 200 (Switch 1) will be the Master in this case.
- Priorities
- The router with an IP address equal to the virtual IP address becomes master.
- If the virtual IP address is not owned by any of the VRRP routers, the highest configured priority becomes the master.
- If priorities are equal, then the higher IP address wins the election.
Step 6. Enable VRRP globally and on each VLAN
enable vrrpThe configuration commands for peer A are as follows:
create vlan vlan10 tag 10
configure vlan vlan10 ipaddress 192.0.2.2/24
enable ipforwarding vlan vlan10
configure vlan vlan10 add ports 69 tagged
create vrrp vlan vlan10 vrid 1
configure vrrp vlan vlan10 vrid 1 priority 200
configure vrrp vlan vlan10 vrid 1 add 192.0.2.1
enable vrrp
The configuration commands for peer B are as follows:
create vlan vlan10 tag 10
configure vlan vlan10 ipaddress 192.0.2.3/24
enable ipforwarding vlan vlan10
configure vlan vlan10 add ports 69 tagged
create vrrp vlan vlan10 vrid 1
configure vrrp vlan vlan10 vrid 1 add 192.0.2.1
enable vrrp
The VRRP peers send VRRP packets for a specified advertisement interval. The default value is 2 seconds so the below command will be added automatically.
configure vrrp vlan vlan10 vrid 1 advertisement-interval 2 seconds
The master down interval is based on the advertisement interval and skew time. When the backup router receives no VRRP packets during a master down interval, it becomes a master router.
Step 7. Check the VRRP state on both switches
You should be able to see the 'Master (MSTR)' state on Switch 1 and 'Backup (BKUP) state on Switch2.Switch1 # show vrrp
Virtual Master
VLAN Name VRID Pri IP Address State MAC Address TP/TR/TV/P/T /FR/G
vlan10(En) 0001 200 192.0.2.1 MSTR 00:00:5e:00:01:01 0 0 0 Y 2 N N
vlan20(En) 0001 200 10.10.10.1 MSTR 00:00:5e:00:01:01 0 0 0 Y 2 N N
En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs, FR-Fabric Routing,
G-Group
Total number of VRs : 2
Switch2 # show vrrp
Virtual Master
VLAN Name VRID Pri IP Address State MAC Address TP/TR/TV/P/T /FR/G
vlan10(En) 0001 100 192.0.2.1 BKUP 00:00:5e:00:01:01 0 0 0 Y 2 N N
vlan20(En) 0001 100 10.10.20.1 BKUP 00:00:5e:00:01:01 0 0 0 Y 2 N N
En-Enabled, Ds-Disabled, Pri-Priority, T-Advert Timer, P-Preempt
TP-Tracked Pings, TR-Tracked Routes, TV-Tracked VLANs, FR-Fabric Routing,
G-Group
Total number of VRs : 2
If the VRID is 1, the MAC address is 00:00:5e:00:01:01.
'show vrrp detail' command will show you some detail information.
Switch1 # show vrrp detail
VLAN: vlan10 VRID: 1 VRRP: Enabled State: MASTER
Virtual Router: VR-Default
Priority: 200(backup) Advertisement Interval: 2 sec
Version: v3-v2 Preempt: Yes Preempt Delay: 0 sec
Virtual IP Addresses:
192.0.2.1
Accept mode: Off Group : None
Host-Mobility: Off
Host-Mobility Exclude-Ports:
Checksum: Include pseudo-header
Tracking mode: ALL
Tracked Pings: -
Tracked IP Routes: -
Tracked VLANs: -
Fabric Routing: Off
VLAN: vlan20 VRID: 1 VRRP: Enabled State: MASTER
Virtual Router: VR-Default
Priority: 200(backup) Advertisement Interval: 2 sec
Version: v3-v2 Preempt: Yes Preempt Delay: 0 sec
Virtual IP Addresses:
10.10.20.1
Accept mode: Off Group : None
Host-Mobility: Off
Host-Mobility Exclude-Ports:
Checksum: Include pseudo-header
Tracking mode: ALL
Tracked Pings: -
Tracked IP Routes: -
Tracked VLANs: -
Fabric Routing: Off
* Additional Notes
- VRRP Things to Remember
- The virtual router MAC address is 00:00:5E:00:01:xx
- Duplicate virtual router IDs are allowed on the router, but not on the same interface.
- A maximum of 7 VRID instances are supported on the router.
- VRRP and Spanning Tree can be simultaneously enabled on the same switch.
- VRRP and ESRP cannot be simultaneously enabled on the same VLAN.
- Extreme Networks does not recommend enabling VRRP and ESRP on the same switch simultaneously.
* Related posts:
No comments:
Post a Comment