RFC2338 VRRP

VRRP(Virtual Router Redundancy Protocol)
a standards-based,defined in IETF standard RFC 2338
VRRP is so similar to HSRP

VRRP group
　group numbers range=HSRP
VRRP role
　master router:等同於HSRP active router
　backup state:等同於HSRP all others
VRRP priority
　default priority和HSRP相等,都是100
　The one with the highest router priority VRRP group
　priority=0,表示固定為Backup status

virtual router MAC address
概念類似HSRP virtual MAC address,格式為0000.5e00.01xx,
ps:where xx is a two-digithex VRRP group number.

no tracking interfaces
VRRP has no mechanism for tracking interfaces to allow more capable routers to take over
the master role.
ps:
可透過建立Track的Profile來達成

VRRP advertisements
VRRP advertisements are sent at 1-second intervals.
只有Master Router會送advertisements
Backup routers optionally can learn the advertisement interval from the master router
ps:
VRRP sends its advertisements to the multicast destination address 224.0.0.18 , using IP protocol 112

VRRP Holdtime
Down Interval = 3* Advertisement Timer + Skew time
ps:Skew Time = 256-priority/256

Different between VRRP and HSRP
hollotime:VRRP is 1-second, HSRP is 3-second
VirtualIP: VRRP support, HSRP don’t support

……………………………………………………………………………………………………………….

Assign a VRRP router priority
(config-if)#vrrp < group> priority
Assign a virtual IP address.
(config-if)#vrrp < group> ip < ip-address> [secondary]
ex:
l3device_a的設定如下
l3device_a(config)# interface vlan 50
l3device_a(config-if)# ip address 192.168.1.10 255.255.255.0
l3device_a(config-if)# vrrp 1 priority 200
l3device_a(config-if)# vrrp 1 ip 192.168.1.1
l3device_b的設定如下
l3device_b(config)# interface vlan 50
l3device_b(config-if)# ip address 192.168.1.11 255.255.255.0
l3device_b(config-if)# vrrp 1 priority 100
l3device_b(config-if)# vrrp 1 ip 192.168.1.1

……….

其他設定

preempt
By default, all VRRP routers are configured to preempt the current master router if their priorities are greater

Disable preempting (default is to preempt).
(config-if)#no vrrp < group> preempt
Change the preempt delay (default 0 seconds).
(config-if)# vrrp < group> preempt [delay < seconds>]

…

Alter the advertisement timer
(config-if)#vrrp < group> timers advertise [msec] < interval>
Learn the advertisement interval from the master router.
(config-if)#vrrp < group> timers learn

…

Use authentication for advertisements.
(config-if)#vrrp < group> authentication < string>
認證方法有以下幾種
Plain-text
MD5 key-string
MD5 Key-chain

……………………………….

VRRP loadbalance
概念同HSRP
ex:
假設有1個switch連接l3device_a和l3device_b,並讓網路可以loadbalance，設定VRRP設定如下l3device_a的設定如下
l3device_a(config)# interface vlan 50
l3device_a(config-if)# ip address 192.168.1.10 255.255.255.0
l3device_a(config-if)# vrrp 1 priority 200
l3device_a(config-if)# vrrp 1 ip 192.168.1.1
l3device_a(config-if)# vrrp 2 priority 100
l3device_a(config-if)# vrrp 2 ip 192.168.1.2
l3device_a(config-if)# no vrrp 2 preempt
l3device_b的設定如下
l3device_b(config)# interface vlan 50
l3device_b(config-if)# ip address 192.168.1.11 255.255.255.0
l3device_b(config-if)# vrrp 1 priority 100
l3device_b(config-if)# vrrp 1 ip 192.168.1.1
l3device_b(config-if)# no vrrp 1 preempt
l3device_b(config-if)# vrrp 2 priority 200
l3device_b(config-if)# vrrp 2 ip 192.168.1.2
clients設定如下
將一部份pc的gateway設成vrrp group1的ip(192.168.1.1)
和另一部份pc設成vrrp group2的ip(192.168.1.2)

…………………………………..

display information about VRRP status
#show vrrp [brief]
ps
l3device_a# show vrrp brief 為例,畫面大致如下
Interface Grp Pri Time Own Pre State Master addr Group addr
Vlan50 1 200 3218 Y Master 192.168.1.10 192.168.1.1
Vlan50 2 100 3609 Backup 192.168.1.11 192.168.1.2
ps:
l3device_b# show vrrp brief 為例,畫面大致如下
Interface Grp Pri Time Own Pre State Master addr Group addr
Vlan50 1 100 3609 Backup 192.168.1.10 192.168.1.1
Vlan50 2 200 3218 Y Master 192.168.1.11 192.168.1.2
ps
l3device_a# show vrrp 為例,畫面大致如下
Vlan50 – Group 1
　State is Master
　Virtual IP address is 192.168.1.1
　Virtual MAC address is 0000.5e00.0101
　Advertisement interval is 1.000 sec
　Preemption is enabled
　　min delay is 0.000 sec
　Priority is 200
　Authentication is enabled
　Master Router is 192.168.1.10 (local), priority is 200
　Master Advertisement interval is 1.000 sec
　Master Down interval is 3.218 sec
Vlan50 – Group 2
　State is Backup
　Virtual IP address is 192.168.1.2
　Virtual MAC address is 0000.5e00.0102
　Advertisement interval is 1.000 sec
　Preemption is disabled
　Priority is 100
　Authentication is enabled
　Master Router is 192.168.1.11, priority is 200
　Master Advertisement interval is 1.000 sec
　Master Down interval is 3.609 sec
(expires in 2.977 sec)
ps:
l3device_b# show vrrp 為例,畫面大致如下
Vlan50 – Group 1
　State is Backup
　Virtual IP address is 192.168.1.1
　Virtual MAC address is 0000.5e00.0101
　Advertisement interval is 1.000 sec
　Preemption is disabled
　Priority is 100
　Authentication is enabled
　Master Router is 192.168.1.10, priority is 200
　Master Advertisement interval is 1.000 sec
　Master Down interval is 3.609 sec
　(expires in 2.833 sec)
Vlan50 – Group 2
　State is Master
　Virtual IP address is 192.168.1.2　
　Virtual MAC address is 0000.5e00.0102
　Advertisement interval is 1.000 sec
　Preemption is enabled
　　min delay is 0.000 sec
　Priority is 200
　Authentication is enabled
　Master Router is 192.168.1.11 (local),priority is 200
　Master Advertisement interval is 1.000 sec
　Master Down interval is 3.218 sec