VRRP
Problem
You want to implement VRRP on your Cisco router.
Solution
To configure Router1 to be the Master VRRP router, use the following set of commands and assign a higher priority level:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#interface FastEthernet0/1 Router1(config-if)#ip address 10.1.1.2 255.255.255.0 Router1(config-if)#vrrp 1 ip 10.1.1.1 Router1(config-if)#vrrp 1 preempt Router1(config-if)#vrrp 1 priority 200 Router1(config-if)#end Router1#
The configuration of the Backup VRRP router is identical, except the priority is set to a lower level:
Router2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router2(config)#interface FastEthernet0/0 Router2(config-if)#ip address 10.1.1.3 255.255.255.0 Router2(config-if)#vrrp 1 ip 10.1.1.1 Router2(config-if)#vrrp 1 preempt Router2(config-if)#vrrp 1 priority 150 Router2(config-if)#end Router2#
Discussion
The VRRP configuration commands are very similar to the HSRP commands, which makes configuring VRRP quite easy if you're already familiar with HSRP. One noticeable difference is that the VRRP group numbers range from 1 to 255, instead of 0 to 255 (or 0 to 4,095 for HSRP Version 2), and you must supply a group number.
Another interesting difference is the way you modify the timers for VRRP. You are only allowed to modify the hello timer. The hold timer is calculated automatically:
Router1(config-if)#vrrp 1 timers advertise 2
By default, the hello timer is set to one second, and all routers within a particular VRRP group must use the same timer values. If not, then the VRRP routers within the group will not communicate with one another. The valid timer range is from 1 second to 255 seconds unless the msec keyword is usedthen the valid timer range is between 50 to 999 milliseconds:
Router1(config-if)#vrrp 1 timers advertise msec 50
One cool little VRRP feature is the ability to learn the configured timer interval from the master virtual router. By using the learn keyword, the backup virtual router will calculate its hello timer from its master advertisements:
Router1(config-if)#vrrp 1 timers learn
VRRP also supports authentication in the form of clear text passwords or MD5-encrypted passwords. The following is an example of how to configure clear text-based authentication:
Router1(config-if)#vrrp 1 authentication OREILLY
Even though MD5-encrypted passwords offer a much greater level of security, not all implementations support this feature because the RFC does not include MD5-encrypted authentication:
Router1(config-if)#vrrp 1 authentication md5 key-string OREILLY
One nice feature is the ability to add a description of each VRRP group. It allows you to add useful information about the VRRP group directly within the configuration and show commands.
Router1(config-if)#vrrp 1 description VRRP example for Cisco Cookbook
VRRP also allows you to track other objects and adjust VRRP priority levels according to tracked objects. In the following example, we track the presence of IP routing on interface Serial1/0 and the line-protocol status on interface Serial1/1:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#track 77 interface Serial1/0 ip routing Router1(config-track)#exit Router1(config)#track 88 interface Serial1/1 line-protocol Router1(config-track)#exit Router1(config)#interface FastEthernet0/1 Router1(config-if)#vrrp 1 track 77 decrement 100 Router1(config-if)#vrrp 1 track 88 decrement 100 Router1(config-if)#end Router1#
For more information on object tracking, see Recipe 22.3.
To view the status of your VRRP configuration, use the show vrrp command:
Router1#show vrrp FastEthernet0/1 - Group 1 State is Backup Virtual IP address is 10.1.1.1 Virtual MAC address is 0000.5e00.0101 Advertisement interval is 2.000 sec Preemption enabled Priority is 0 (cfgd 200) Track object 77 state Down decrement 100 Track object 88 state Down decrement 100 Authentication MD5, key-string "oreilly" Master Router is 10.1.1.3, priority is 75 Master Advertisement interval is 2.000 sec Master Down interval is 6.218 sec (expires in 6.166 sec) Learning Router1#
VRRP is an open standard that is implemented by many vendors. So at least in theory, you can use VRRP to share a virtual IP address with a nonCisco device. However, we urge some caution in doing this. In particular, the authentication features implemented by Cisco may not interoperate well with nonCisco equipment.
See Also
Recipe 22.3