2022-08-18 Advanced Network Engineer (Twenty-seven) Advanced knowledge of VRRP - message format, timer, state machine, active and backup (election, switchover, switchback), load sharing, monitoring, combined application with MSTP

VRRP Basics

See details

2022-01-12 Basics of Network Engineering (Twenty) GRE Principle and Configuration VRRP Principle and Configuration_Gooseyiyi's Blog-CSDN Blog_gre application scenarios

Related commands

Create a VRRP backup group and configure a virtual IP address for the backup group

[SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.1.254

Configure the priority of the router in the backup group

[SW1-Vlanif10]vrrp vrid 10 priority ?
  INTEGER<1-254>  The level of priority(default is 100)

VRRP message format

VRRP has only one type of message, the Advertisement message, which is sent in multicast mode, so it can only be delivered in the same broadcast domain. The destination multicast address of the Advertisement message is 224.0.0.18.

Ver: VRRP currently has two versions. VRRPv2 is only applicable to IPv4 networks, and VRRPv3 is applicable to both IPv4 and IPv6 networks.
Virtual Rtr ID: The identifier of the virtual router associated with this message.
Priority: The priority of the VRRP router that sends the message. (Default value 100)
Count IP Addrs: The number of virtual IP addresses contained in the VRRP message.
Auth Type: VRRP supports three authentication types: no authentication, plain text password authentication, and MD5 authentication. The corresponding values are 0, 1, and 2 respectively.
Adver Int: The interval for sending VRRP notification messages. The default is 1 second.
IP Address: The virtual IP address of the associated virtual router, which can be multiple.
Authentication Data: Password information required for verification.

Related commands

Modify MASTER device notification interval

[SW1-Vlanif10]vrrp vrid 10 timer advertise ?
  INTEGER<1-255>  Value of timer, in seconds(default is 1)

Configure VRRP packet authentication

[SW1-Vlanif10]vrrp vrid 10 authentication-mode md5 ?
  STRING<1-8>/<24>  Password of MD5 authentication mode

Packet capture and observation

1 VRRP version: 2

2 VRID group number: 10

3 Priority: 100

4 Number of virtual IP addresses included: 1

5 Authentication type: No authentication

6 Announcement interval: 1 second

7 Virtual IP address: 192.168.1.254
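
The fields listed above can be decoded from the raw message with a short parser. This is an added example, not code from the original post: the sample bytes are constructed from the capture values above, and the Type and Checksum fields come from the VRRPv2 header layout rather than from the field list on this page.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "plain-text password", 2: "MD5"}

# Constructed sample: VRRPv2 payload carrying the values from the capture above
# (VRID 10, priority 100, one address 192.168.1.254, no authentication, 1 s).
SAMPLE = bytes.fromhex("210a64010001b84c" "c0a801fe" "0000000000000000")

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_vrrpv2(payload: bytes) -> dict:
    """Decode a VRRPv2 Advertisement (the payload of IP protocol 112)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    ver_type, vrid, prio, count, auth, adver, _cksum = struct.unpack("!6BH", payload[:8])
    if ver_type >> 4 != 2 or ver_type & 0x0F != 1:
        raise ValueError("not a VRRPv2 Advertisement")
    end = 8 + 4 * count + 8  # header + virtual IPs + 8-byte Authentication Data
    if len(payload) < end:
        raise ValueError("Count IP Addrs exceeds message length")
    addrs = [str(ipaddress.IPv4Address(payload[8 + 4 * i:12 + 4 * i]))
             for i in range(count)]
    return {
        "vrid": vrid,
        "priority": prio,
        "auth_type": AUTH_TYPES.get(auth, f"unknown ({auth})"),
        "adver_int": adver,
        "virtual_ips": addrs,
        # A valid message sums to zero when the checksum field is included.
        "checksum_ok": ones_complement_sum(payload[:end]) == 0,
        # Auth Type 1 carries the password unencrypted in Authentication Data.
        "cleartext_password": auth == 1,
    }
```

Feeding it the payload of any captured advertisement shows at a glance whether a backup group runs without authentication or with a password that is readable on the wire.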

VRRP timer

During the working process of the VRRP protocol, VRRP defines two timers:

1 ADVER_INTERVAL timer: the time period for the Master to send VRRP notification messages. The default value is 1 second.

2 MASTER_DOWN timer: if the Backup device receives no notification message before this timer times out, it changes to the Master state.

MASTER_DOWN timer calculation formula

MASTER_DOWN = (3 * ADVER_INTERVAL) + Skew_time (offset time)

Skew_time = (256 - Priority) / 256

VRRP state machine

The VRRP protocol state machine has three states: Initialize (initial state), Master (active state), and Backup (backup state).

VRRP protocol status

Master status

1 Send VRRP messages periodically (ADVER_INTERVAL).

2 Respond to the ARP request for the virtual IP address with the virtual MAC address.

3 Forward IP packets whose destination MAC address is the virtual MAC address.

4 By default, pinging the virtual IP address is allowed.

5 When multiple devices are Masters at the same time and a device receives a packet with the same priority as its own, it goes on to compare IP addresses. If the source IP address of the received message is greater than its own, it switches to the Backup state; otherwise it remains in the Master state.

Backup status

1 Receive the VRRP packet sent by the Master device and determine whether the status of the Master device is normal.

2 Does not respond to ARP requests for virtual IP addresses.

3 Discard IP packets whose destination MAC address is the virtual MAC address.

4 Discard IP packets whose destination IP address is the virtual IP address.

5 If it receives a packet with the same priority as its own or a higher priority than its own, it resets the MASTER_DOWN timer and does not go on to compare IP addresses.

VRRP master and backup election

1 When the interface IP address is the same as the virtual IP address of VRRP, the priority is 255 (it cannot be manually configured to 255). The device does not need to wait for any timer to expire and switches directly to the Master state.

2 In all other cases, the device first enters the Backup state after initialization, and the MASTER_DOWN timer starts counting. If, during the waiting time, it receives a message with a higher priority, or a message with the same priority and a larger IP address, it remains in the Backup state. Otherwise, when the MASTER_DOWN timer times out, it enters the Master state and keeps sending messages to inform other devices at the interval of the ADVER_INTERVAL timer.

3 When the device is in the Master state and receives better packets, it stops sending packets and enters the Backup state.

4 When the master and backup election is completed, the master router immediately sends gratuitous ARP packets to announce the virtual MAC address to the devices and hosts connected to it.

VRRP active/standby switchover

VRRP active/standby switchover is divided into two situations.

1 When the Master device voluntarily gives up its Master status (for example, the Master device exits the backup group), it will send a notification message with priority 0 to quickly switch the Backup device to the Master device. The switching time is Skew_time (less than 1 second).

2 When a network (link) failure occurs on the Master device and it cannot send notification messages, the Backup device waits until the MASTER_DOWN timer times out and then switches its state to Master.

VRRP master/backup switchback

1 When the Master device fails, the network will re-elect the VRRP master and backup devices.

2 VRRP preemption mode (Preempt Mode)

Preemption mode (activated by default): If the Backup router activates the preemption function, when it finds that the Master router has a lower priority than itself, it will immediately switch to the Master state and become the new Master router. When the device is ready to switch, the total time is: 3xAdver_Interval+Skew_time+Delay_time

Non-preemption mode: If the Backup router does not activate the preemption function, even if it finds that the Master router has a lower priority than itself, it can only remain in the Backup state until the Master router fails.

Note: In preemption mode, when the Master device is unstable or the network quality is poor, the VRRP backup group switches frequently, so the ARP entries on terminals are refreshed frequently. To alleviate this problem, a preemption delay timer is usually set. The device waits for the MASTER_INTERVAL timer timeout plus the delay time, to determine that the state is stable, before performing a master/backup switchback.

Related commands

Configure the preemption delay time of devices in the backup group

[SW1-Vlanif10]vrrp vrid 10 preempt-mode timer delay ?
  INTEGER<0-3600>  Value of timer, in seconds(default is 0)

Configure the devices in the VRRP backup group to use non-preemption mode

[SW1-Vlanif10]vrrp vrid 10 preempt-mode disable 

VRRP load balancing

By creating multiple virtual routers, each physical router plays a different role in different VRRP groups. The virtual IP addresses of the different virtual routers can be used as different intranet gateway addresses to achieve load sharing of forwarded traffic.

Configuration examples

Single device:

Turn 1 Master

Turn 2 Backup

VRRP monitors uplink ports

VRRP can monitor (track) the status of the uplink port. When the device detects that the uplink port or link is faulty, it can actively reduce its VRRP priority, so that a Backup device with a working uplink is elected Master and takes over packet forwarding.

Note: If uplink port monitoring is not configured and the uplink interface or link of the Master device in the VRRP backup group fails, the backup group cannot detect the failure and the Master cannot forward traffic to the outside. Because no active/standby switchover occurs, a traffic black hole results.

Related commands

Configure VRRP backup group monitoring interface

[SW1-Vlanif10]vrrp vrid 10 track interface Vlanif 10 reduced ?
  INTEGER<1-255>  Reduced or increased value of priority

This configures the device to reduce (or increase) its own priority when it detects a failure on the upstream interface or link. IP address owners and Eth-trunk member interfaces are not allowed to configure the VRRP monitoring function.

Configure VRRP backup group to monitor routes

[SW1-Vlanif10]vrrp vrid 10 track ip route 1.1.1.1 24 reduced ?
  INTEGER<1-255>  Reduced or increased value of priority

In addition to monitoring interfaces, you can also monitor specified routes.
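
The election rule, the MASTER_DOWN formula and uplink tracking described above can be put together in a small model. This is an added example, not code from the original post: the switch names, addresses, priority 120 and reduced value 30 are constructed sample values, and the model assumes the Master keeps advertising on the LAN side after its uplink fails.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                  # interface IP address (constructed sample value)
    priority: int = 100      # configured priority
    adver_interval: int = 1  # ADVER_INTERVAL in seconds
    preempt: bool = True     # preemption mode is active by default
    track_reduced: int = 0   # "reduced" value of the track command, 0 = no tracking
    uplink_up: bool = True

    @property
    def running_priority(self) -> int:
        # Tracking lowers the priority only while the monitored uplink is down.
        return self.priority if self.uplink_up else self.priority - self.track_reduced

    @property
    def skew_time(self) -> float:
        return (256 - self.running_priority) / 256

    @property
    def master_down(self) -> float:
        return 3 * self.adver_interval + self.skew_time

def elect(routers):
    """Higher priority wins; on a tie the larger interface IP address wins."""
    return max(routers, key=lambda r: (r.running_priority, int(IPv4Address(r.ip))))

def master_lost(routers, master, resigned):
    """Master leaves. resigned=True: it advertised priority 0; False: it went silent."""
    new = elect([r for r in routers if r is not master])
    return new.name, (new.skew_time if resigned else new.master_down)

def uplink_fails(routers, master):
    """Master's uplink fails while it can still send advertisements on the LAN side."""
    master.uplink_up = False
    better = [r for r in routers
              if r.preempt and r.running_priority > master.running_priority]
    return elect(better).name if better else master.name

def sample(track_reduced):
    # Constructed two-switch backup group; names and addresses are illustrative.
    sw1 = Router("SW1", "192.168.1.1", priority=120, track_reduced=track_reduced)
    sw2 = Router("SW2", "192.168.1.2")
    return [sw1, sw2]
```

With sample(0), uplink_fails leaves SW1 as Master, which is the traffic black hole from the note above; with sample(30), SW1 drops to priority 90 and SW2 preempts.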

Combined application of VRRP and MSTP

MSTP maps one or more VLANs to a spanning tree instance. Several VLANs share one spanning tree, and MSTP can achieve load balancing.

A gateway configured with VRRP can switch over automatically and flexibly as the network topology changes, improving network reliability.

VRRP+MSTP can achieve load sharing while ensuring network redundancy backup.

Configuration examples

SW1 configuration

Instance 1 vlan 10 primary
Instance 2 vlan 20 secondary

VRID 1 : Master
VRID 2 : Backup

SW2 configuration

Instance 1 vlan 10 secondary
Instance 2 vlan 20 primary

VRID 1 : Backup
VRID 2 : Master

Origin blog.csdn.net/x629242/article/details/126399040