VRRP (Virtual Router Redundancy Protocol) is very similar to HSRP (Hot Standby Routing Protocol) and can be used to create a virtual gateway. If you don’t know why we use virtual gateways then I suggest to read my Introduction to virtual gateways first. Also make sure you check the HSRP lesson first since many of the things I describe there also apply to VRRP.
VRRP is very similar to HSRP; if you understood HSRP you’ll have no trouble with VRRP which is a standard protocol defined by the IETF in RFC 3768. Configuration-wise it’s pretty much the same but there are a couple of differences.
Let’s start with an overview:
| HSRP | VRRP | |
| Protocol | Cisco proprietary | IETF – RFC 3768 |
| Number of groups | 16 groups maximum | 255 groups maximum |
| Active/Standby | 1 active, 1 standby and multiple candidates. | 1 active and several backups. |
| Virtual IP Address | Different from real IP addresses on interfaces | Can be the same as the real IP address on an interface. |
| Multicast address | 224.0.0.2 | 224.0.0.18 |
| Tracking | Interfaces or Objects | Objects |
| Timers | Hello timer 3 seconds, hold time 10 seconds. | Hello timer 1 second, hold time 3 seconds. |
| Authentication | Supported | Not supported in RFC 3768 |
As you can see there are a number of differences between HSRP and VRRP. Nothing too fancy however. HSRP is a cisco proprietary protocol so you can only use it between Cisco devices.
Let’s see if we can configure it…
Configuration
This is the topology that I will use:
SW1 and SW2 are multilayer switches and their interfaces are configured as routed ports. We will create a virtual gateway using VRRP on the interfaces facing SW3:
SW1(config)#interface fa0/17
SW1(config-if)#vrrp 1 ip 192.168.1.3
SW1(config-if)#vrrp 1 priority 150
SW1(config-if)#vrrp 1 authentication md5 key-string mykeySW2(config-if)#interface fa0/19
SW2(config-if)#vrrp 1 ip 192.168.1.3
SW2(config-if)#vrrp 1 authentication md5 key-string mykey
Here’s an example how to configure VRRP. You can see the commands are pretty much the same but I didn’t type “standby” but vrrp. I have changed the priority on SW1 to 150 and I’ve enabled MD5 authentication on both switches.
SW1#
%VRRP-6-STATECHANGE: Fa0/17 Grp 1 state Init -> Backup
%VRRP-6-STATECHANGE: Fa0/17 Grp 1 state Backup -> MasterSW2#
%VRRP-6-STATECHANGE: Fa0/19 Grp 1 state Init -> Backup
%VRRP-6-STATECHANGE: Fa0/19 Grp 1 state Backup -> Master
%VRRP-6-STATECHANGE: Fa0/19 Grp 1 state Master -> Backup
You will see these messages pop-up in your console. VRRP uses different terminology than HSRP. SW1 has the best priority and will become the master router. SW2 will become a backup router. Let’s see what else we have:
SW1#show vrrp
FastEthernet0/17 - Group 1
State is Master
Virtual IP address is 192.168.1.3
Secondary Virtual IP address is 192.168.1.4
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Authentication MD5, key-string "mykey"
Master Router is 192.168.1.1 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 secSW2#show vrrp
FastEthernet0/19 - Group 1
State is Backup
Virtual IP address is 192.168.1.3
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-string "mykey"
Master Router is 192.168.1.1, priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.065 sec)
Use show vrrp to verify your configuration. The output looks similar to HSRP; one of the differences is that VRRP uses another virtual MAC address:
0000.5e00.01XX (where X = group number)
SW1(config)#interface fa0/17
SW1(config-if)#shutdown
We can shut the interface on SW1 so we can see that SW2 will take over.
SW1#
%VRRP-6-STATECHANGE: Fa0/17 Grp 1 state Master -> InitSW2#
%VRRP-6-STATECHANGE: Fa0/19 Grp 1 state Backup -> Master
Same principle…different terminology!
It is possible to configure load balancing for VRRP (or HSRP) but it doesn’t work on a “per packet” schedule or something. Instead, we have to use multiple group numbers. Let me show what I’m talking about:
SW1(config)#interface fa0/17
SW1(config-if)#vrrp 1 ip 192.168.1.3
SW1(config-if)#vrrp 1 priority 150
SW1(config-if)#vrrp 2 ip 192.168.1.4SW2(config-if)#interface fa0/19
SW2(config-if)#vrrp 1 ip 192.168.1.3
SW2(config-if)#vrrp 2 ip 192.168.1.4
SW2(config-if)#vrrp 2 priority 150
I created two groups so we have two virtual IP addresses:
• 192.168.1.3 and 192.168.1.4 are both virtual IP addresses we can use as a gateway.
• SW1 has the highest priority (150) for virtual IP address 192.168.1.3.
• SW2 has the highest priority (150) for virtual IP address 192.168.1.4.
• SW1 has the highest priority (150) for virtual IP address 192.168.1.3.
• SW2 has the highest priority (150) for virtual IP address 192.168.1.4.
You can now use 192.168.1.3 and 192.168.1.4 as default gateways for your computers and SW1 and SW2 will share the load. You can use this like I did to have load balancing within a VLAN or you can do this on a per VLAN basis.
This is all I have on VRRP for now. I hope you enjoyed this lesson!
No comments:
Post a Comment