For conceptual information, see "How VRRP Works" on page 173.This chapter describes how to configure the Virtual Router Redundancy Protocol (VRRP). VRRP allows a backup IP router to immediately take the place of a failed master router using the same IP and MAC addresses. A master router is a default router explicitly specified by end hosts.
For conceptual information, see "How VRRP Works" on page 173.
The procedures in this section describe how to configure VRRP.
VRRP supports the following media:
You cannot run the following protocols on the same router as VRRP:
VRRP can be used with IPv4 only.
Before beginning this procedure, complete the following tasks:
The owner router is always the master router when it is active. Assign a virtual router identifier (VRID) to the owner router using:
ADD !<port> -VRRP VRid <vrid> <IP address> [,<IP address>]
Where <port> is the port on which you define VRRP. Specify the port that is connected to the LAN.
<vrid> is any number between 1 and 255 that you want to identify the VRRP owner IP addresses. If you have more than one owner router on a LAN, you must use unique VRIDs.
<IP address> is the IP address or addresses that you have assigned to the port in the IP service. You can specify up to five addresses. This IP address will be used by the backup router when the owner router goes down.
If you have multiple subnets on the port, you can add more than one VRID if you want a separate backup router for each subnet. You can add multiple VRIDs per router as long as each VRID is unique.
Assign a backup router to the owner router using:
ADD !<port> -VRRP BackUp <vrid> <IP address> [,<IP address>]
Where <port> is the port on which you define VRRP. Specify the port that is connected to the LAN.
<vrid> is the VRID defined on the owner router.
<IP address> is the owner router IP address or addresses. The address must match the owner router IP address exactly. The backup router's own IP address, configured in the IP service, must have the same subnet as the owner router.
When the master router goes down, it stops sending VRRP packets, enabling the backup router to become the master router.
If you have more than one backup router, which router becomes the master is determined by the following settings:
The owner router is always master when it is active, because it is set for PreEmpt and has the highest priority (255).
If you have more than one backup router, it is recommended that you use the PRIOrity field to establish an order in which each backup router would become the master should the master router fail.
Figure 52 shows which router will become master when there are multiple backups.
Figure 52 VRRP Priorities
The highest priority backup router should have the lowest hold time. Set the hold time for the highest priority router, then set the hold time to be one second longer for the next priority router. Add one second for each succeeding router, in order of priority.
Set the amount of time before the backup router declares the master router to be down using:
SETDefault !<port> -VRRP HOldTime = <hold time>(3 to 255 seconds) <vrid>
Where <hold time> is a number from 3 to 255 in seconds. The hold time should be at least three times the advertisement interval (see "Setting the Advertisement Interval" on page 173). The default is 3.
If you want a backup router to become the master no matter what the hold time is, you can specify PreEmpt in the CONTrol parameter and assign it the highest priority using the PRIOrity parameter.
If you have more than one PreEmpt router, the PRIOrity determines which router becomes master. The priority is a value between 1 and 254.
The priority also determines the length of the skew time, which in conjunction with the hold time determines when the backup router can declare the master router down. If the priority is between 1 and 128, the skew time is 1 second. If the priority is between 129 and 254, the skew time is 500 ms. If the hold time is the same on two routers, but the priorities fall in different ranges, then the higher priority router will become master. If you have more than one router within a range, you cannot determine which router will become master. Because of the time on the NETBuilder bridge/router, the same [hold time + skew time] can vary as much as 500 ms. 3Com recommends setting the hold time itself at least one second apart to guarantee priority.
You can set the priority of a backup router to any number between 1 and 254 using:
SETDefault !<port> -VRRP PRIOrity = <priority number> <vrid>
Enable VRRP on each router using:
SETDefault !<port> -VRRP CONTrol = (Enable,[PreEmpt | NoPreEmpt]) <vrid>
PreEmpt allows a router that has a higher priority than the current master router to assume control as the master router. Because the owner router has the maximum priority, it is always the master router when it is active. You cannot set the owner router to NoPreEmpt. If you have more than one backup router, and you use NoPreEmpt (the default), the router will assume control only when the current master router fails, even if it has a higher priority. If you know that one backup router should always be the primary backup, you should specify PreEmpt in addition to giving it a high priority. If you do not have a strong preference, keep NoPreEmpt on all backup routers. NoPreEmpt reduces network instability caused by master router changes.
If the owner router goes down, and then comes up later, it will become the master router again without waiting for the backup to fail.
<vrid> is the VRID of the owner router.
If the master of the virtual router is not the owner router, that is the owner router is down, Ping/Telnet Virtual Router IP (VIP) will get no response. This behavior is also specified in the VRRP specification.
Before disabling/deleting a VRRP from the owner router, you must disable/delete the vrid from the backup routers. Failing to do so may cause the same IP address to be mapped to different MAC addresses on different nodes. This happens because the new master and the owner are both responding to the ARP rquest for the VIP. You may also see "Local-Col" displayed in response to a SHow -IP address command. The "Local-Col" will be cleared two hours after the problem is corrected (that is, after the vrid backup routers are disabled/deleted).
This section describes how to customize your VRRP configuration.
Set the interval between VRRP packets sent by the master router using:
SETDefault !<port> -VRRP AdvertisementInt = <adv_time>(1 to 127 seconds) <vrid>
Where <adv_time> is a number from 1 to 127 in seconds. The default is 1 second. You must set the advertisment interval to the same value on all routers associated with a VRID.
VRRP is a protocol between IP routers that allows backup routers to monitor the status of a master router. When the master router fails, the backup router can take over the function of the master router. The new master router keeps the IP and MAC address of the original master, so that hosts that are configured with a single default gateway do not have their network connectivity disrupted if the gateway fails.
With VRRP enabled, the master router sends out regular VRRP packets to indicate that it is alive. If the VRRP packets stop, the backup router adopts the IP and MAC address of the master, in addition to its own IP and MAC addresses. If you have more than one backup router, the router with the highest priority becomes the master router.
Each bridge/router running VRRP is either the owner or the backup router for a VRID. There can be only one owner for each VRID. The owner router owns the IP address, configured in the IP service, that is used by the backup router if the owner fails. The owner router is always the master router if it is active, because it has a higher priority than any backup router.
The MAC address used by the master router is 00-00-5E-00-01-<vrid>. Each VRID has one MAC address associated with it, so a router that has multiple VRIDs will have a different MAC address for each VRRP interface.
This section includes the following scenarios:
Figure 53 shows a basic VRRP setup with one gateway router connecting a LAN to the Internet. If port 1 goes down, the backup router becomes master.
Figure 53 Owner Router with One Backup Router
To configure VRRP on the network in Figure 53, follow these steps:
1 . On the owner router:
ADD !1 -VRRP VRid 1 144.232.29.1
SETDefault !1 -VRRP CONTrol = Enable 1
2 . On the backup router:
ADD !3 -VRRP BackUp 1 144.232.29.1
SETDefault !3 -VRRP CONTrol = Enable 1
If the owner router fails, the backup router automatically takes over using the IP address 144.232.29.1 and the MAC address 00-00-5E-00-01-01.
Figure 54 shows two LANs connected by a master router, with one backup router.
Figure 54 Two VRIDs on One Router Connecting Two LANs
To configure VRRP on the network in Figure 54, follow these steps:
1 . On router A:
ADD !1 -VRRP VRid 1 144.232.29.1
ADD !2 -VRRP VRid 2 139.215.65.3
SETDefault !1 -VRRP CONTrol = Enable 1
SETDefault !2 -VRRP CONTrol = Enable 2
2 . On router B:
ADD !3 -VRRP BackUp 1 144.232.29.1
ADD !5 -VRRP BackUp 2 139.215.65.3
SETDefault !3 -VRRP CONTrol = Enable 1
SETDefault !5 -VRRP CONTrol = Enable 2
If the master router fails, the backup router automatically takes over. Port 2 uses IP address 144.232.29.1 and MAC address 00-00-5E-00-01-01. Port 5 uses IP address 139.215.65.3 and MAC address 00-00-5E-00-01-02.
Figure 55 shows two routers sharing the network traffic on subnet 144.232.29.x. Half of the hosts have router A configured as the default gateway and the other half have router B as the default gateway. Each router is configured to back up the other if one fails.
Figure 55 Load Sharing with Redundancy
To configure VRRP on the network in Figure 55, follow these steps:
1 . On router A:
ADD !1 -VRRP VRid 1 144.232.29.1
ADD !1 -VRRP BackUp 2 144.232.29.23
SETDefault !1 -VRRP CONTrol = Enable 1
SETDefault !1 -VRRP CONTrol = Enable 2
2 . On router B:
ADD !3 -VRRP VRid 2 144.232.29.23
ADD !3 -VRRP BackUp 1 144.232.29.1
SETDefault !3 -VRRP CONTrol = Enable 2
SETDefault !3 -VRRP CONTrol = Enable 1
If router A fails, router B automatically takes over. Port 3 uses IP address 144.232.29.1 and MAC address 00-00-5E-00-01-01, in addition to its own IP and MAC addresses, 144.232.29.23 and 00-00-5E-00-01-02.
If router B fails, router A automatically takes over. Port 1 uses IP address 144.232.29.23 and MAC address 00-00-5E-00-01-02, in addition to its own IP and MAC addresses, 144.232.29.1 and 00-00-5E-00-01-01.
For more information about VRRP, point your browser at the following URL:
http://ds.internic.net/internet-drafts/draft-ietf-vrrp-spec-06.txt
![[previous]](../../../graphics/prev.gif)
![[next]](../../../graphics/next.gif)