Using VRRP on Ethernet Interfaces

2017-11-03 09:05:07

Problem

You want to set up a router to be a backup default gateway to provide redundancy in case the primary default gateway router goes down.

Solution

Use the Virtual Router Redundancy Protocol ( VRRP) to set up a master and a backup gateway. First set up the master gateway on one router:

[edit interfaces fe-1/0/0 unit 0 family inet address 10.0.2.2/24] aviva@RouterJ# set vrrp-group 1 virtual-address 10.0.2.100 aviva@RouterJ# set vrrp-group 1 priority 254 aviva@RouterJ# set vrrp-group 1 authentication-type md5 aviva@RouterJ# set vrrp-group 1 authentication-key $1991poPPi

Then set up the backup gateway on a second router:

[edit interfaces fe-1/0/0 unit 1 family inet address 10.0.2.1/24] aviva@RouterH# set vrrp-group 1 virtual-address 10.0.2.100 aviva@RouterH# set vrrp-group 1 authentication-type md5 aviva@RouterH# set vrrp-group 1 authentication-key $1991poPPi

Discussion

With VRRP, you create a master default gateway router, which is active, on the LAN and one or more backup gateways that can take over automatically if the master goes down. The master and backup gateways share the same virtual IP address, which is the address that is advertised to the hosts on the LAN. If one of the backups takes over, the hosts on the LAN can still reach the default gateway without needing to be reconfigured.

This recipe sets up VRRP group 1 that has one backup gateway. The shared virtual address is 10.0.2.100. The priority value (a value from1 to 255, with a default of 100) determines which router is the master and the order in which the backups take over. The router with the highest priority becomes the master. Notice that the backups must be on different routers than the master and than each other.

To check the configuration, use the show vrrp detail command. The following output shows that RouterJ is the master:

aviva@RouterJ> show vrrp Interface Unit Group Type Address Int state VR state Timer fe-1/0/0 0 1 lcl 10.0.2.2 up master A 0.736 vip 10.0.2.100

RouterH is the backup:

aviva@RouterH> show vrrp Interface Unit Group Type Address Int state VR state Timer fe-1/0/0 0 1 lcl 10.0.2.1 up backup D 3.443 vip 10.0.2.100 mas 10.0.2.2

The output on both routers shows the real (local) IP address and the virtual address (VIP). The backup's output also shows the real IP address of the master.

The show vrrp extensive command displays the protocol exchanges and master-backup transitions among the VRRP group. Here's the output on the current master:

aviva@RouterJ> show vrrp extensive Interface: fe-1/0/0.0, Interface index: 68, Groups: 1, Active : 1 Interface VRRP PDU statistics Advertisement sent : 392 Advertisement received : 0 Packets received : 0 No group match received : 0 Interface VRRP PDU error statistics Invalid IPAH next type received : 0 Invalid VRRP TTL value received : 0 Invalid VRRP version received : 0 Invalid VRRP PDU type received : 0 Invalid VRRP authentication type received: 0 Invalid VRRP IP count received : 0 Invalid VRRP checksum received : 0 Physical interface: fe-1/0/0, Unit: 0, Address: 10.0.2.2/24 Index: 68, SNMP ifIndex: 42, VRRP-Traps: disabled Interface state: up, Group: 1, State: master Priority: 254, Advertisement interval: 1, Authentication type: md5 Preempt: yes, Accept-data mode: no, VIP count: 1, VIP: 10.0.2.100 Advertisement timer: 0.658s, Master router: 10.0.2.2 Virtual router uptime: 00:08:22, Master router uptime: 00:08:19 Virtual MAC: 00:00:5e:00:01:01 Tracking: disabled Group VRRP PDU statistics Advertisement sent : 392 Advertisement received : 0 Group VRRP PDU error statistics Bad authentication type received: 0 Bad password received : 0 Bad MD5 digest received : 0 Bad advertisement timer received: 0 Bad VIP count received : 0 Bad VIPADDR received : 0 Group state transition statistics Idle to master transitions : 0 Idle to backup transitions : 1 Backup to master transitions : 1 Master to backup transitions : 0

Категории