VRRP

Problem

You want to implement VRRP on your Cisco router.

Solution

To configure Router1 to be the Master VRRP router, use the following set of commands and assign a higher priority level:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip address 10.1.1.2 255.255.255.0
Router1(config-if)#vrrp 1 ip 10.1.1.1
Router1(config-if)#vrrp 1 preempt
Router1(config-if)#vrrp 1 priority 200
Router1(config-if)#end
Router1#

The configuration of the Backup VRRP router is identical, except the priority is set to a lower level:

Router2#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 10.1.1.3 255.255.255.0
Router2(config-if)#vrrp 1 ip 10.1.1.1
Router2(config-if)#vrrp 1 preempt
Router2(config-if)#vrrp 1 priority 150
Router2(config-if)#end
Router2#

 

Discussion

The VRRP configuration commands are very similar to the HSRP commands, which makes configuring VRRP quite easy if you're already familiar with HSRP. One noticeable difference is that the VRRP group numbers range from 1 to 255, instead of 0 to 255 (or 0 to 4,095 for HSRP Version 2), and you must supply a group number.

Another interesting difference is the way you modify the timers for VRRP. You are only allowed to modify the hello timer. The hold timer is calculated automatically:

Router1(config-if)#vrrp 1 timers advertise 2

By default, the hello timer is set to one second, and all routers within a particular VRRP group must use the same timer values. If not, then the VRRP routers within the group will not communicate with one another. The valid timer range is from 1 second to 255 seconds unless the msec keyword is usedthen the valid timer range is between 50 to 999 milliseconds:

Router1(config-if)#vrrp 1 timers advertise msec 50

One cool little VRRP feature is the ability to learn the configured timer interval from the master virtual router. By using the learn keyword, the backup virtual router will calculate its hello timer from its master advertisements:

Router1(config-if)#vrrp 1 timers learn

VRRP also supports authentication in the form of clear text passwords or MD5-encrypted passwords. The following is an example of how to configure clear text-based authentication:

Router1(config-if)#vrrp 1 authentication OREILLY

Even though MD5-encrypted passwords offer a much greater level of security, not all implementations support this feature because the RFC does not include MD5-encrypted authentication:

Router1(config-if)#vrrp 1 authentication md5 key-string OREILLY

One nice feature is the ability to add a description of each VRRP group. It allows you to add useful information about the VRRP group directly within the configuration and show commands.

Router1(config-if)#vrrp 1 description VRRP example for Cisco Cookbook

VRRP also allows you to track other objects and adjust VRRP priority levels according to tracked objects. In the following example, we track the presence of IP routing on interface Serial1/0 and the line-protocol status on interface Serial1/1:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#track 77 interface Serial1/0 ip routing
Router1(config-track)#exit
Router1(config)#track 88 interface Serial1/1 line-protocol 
Router1(config-track)#exit
Router1(config)#interface FastEthernet0/1 
Router1(config-if)#vrrp 1 track 77 decrement 100
Router1(config-if)#vrrp 1 track 88 decrement 100
Router1(config-if)#end
Router1#

For more information on object tracking, see Recipe 22.3.

To view the status of your VRRP configuration, use the show vrrp command:

Router1#show vrrp
FastEthernet0/1 - Group 1 
 State is Backup 
 Virtual IP address is 10.1.1.1
 Virtual MAC address is 0000.5e00.0101
 Advertisement interval is 2.000 sec
 Preemption enabled
 Priority is 0 (cfgd 200)
 Track object 77 state Down decrement 100
 Track object 88 state Down decrement 100
 Authentication MD5, key-string "oreilly"
 Master Router is 10.1.1.3, priority is 75 
 Master Advertisement interval is 2.000 sec
 Master Down interval is 6.218 sec (expires in 6.166 sec) Learning

Router1#

VRRP is an open standard that is implemented by many vendors. So at least in theory, you can use VRRP to share a virtual IP address with a nonCisco device. However, we urge some caution in doing this. In particular, the authentication features implemented by Cisco may not interoperate well with nonCisco equipment.

See Also

Recipe 22.3

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net