will take over the address, usually within a few seconds. In practice, such protocols can also be used to protect other services operating on a single IP address, not just routers.
Cisco Hot-Standby Router Protocol (HSRP)
– Cisco proprietary
– Active-Standby (standby groups): one router is active, the other is in standby state
– hello timer – 3 seconds
– hold timer – 10 seconds
Virtual Router Redundancy Protocol (VRRP)
– IETF (multivendor)
– hello timer – 1 second
– hold timer – 3 seconds
Gateway Load Balancing Protocol (GLBP)
– Cisco proprietary
– Allows Active-Active Load-Balancing
One router is assigned as the active virtual gateway (AVG), which responds to ARP requests (load-balanced MAC replies)
Others act as active virtual forwarders (AVF)
– hello timer – 3 seconds
– hold timer – 10 seconds
Configure VRRP (base config)
In this configuration we are going to set up redundancy on the outgoing internet line, shown in this topology:
Start on Router1:
Linuxsource-Router1# enable
Linuxsource-Router1# configure terminal
Linuxsource-Router1(config)# interface fastEthernet 0/1
Linuxsource-Router1(config-if)# ip address 10.0.0.3 255.255.255.0
Linuxsource-Router1(config-if)# vrrp 1 ip 10.0.0.1
Linuxsource-Router1(config-if)# no shutdown
Linuxsource-Router1(config-if)# do write
%VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Init -> Master
View the VRRP config:
Linuxsource-Router1(config-if)# do show vrrp
FastEthernet0/1 - Group 1
  State is Master
  Virtual IP address is 10.0.0.1
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 255
  Master Router is 10.0.0.1 (local), priority is 255
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.003 sec
Go to Router2:
Linuxsource-Router2# enable
Linuxsource-Router2# configure terminal
Linuxsource-Router2(config)# interface fastEthernet 0/1
Linuxsource-Router2(config-if)# ip address 10.0.0.2 255.255.255.0
Linuxsource-Router2(config-if)# vrrp 1 ip 10.0.0.1
Linuxsource-Router2(config-if)# no shutdown
Linuxsource-Router2(config-if)# do write
%VRRP-6-STATECHANGE: Fa0/1 Grp 1 state Init -> Backup
Linuxsource-Router2(config-if)# do show vrrp
FastEthernet0/1 - Group 1
  State is Backup
  Virtual IP address is 10.0.0.1
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 10.0.0.1, priority is 255
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec (expires in 2.829 sec)
Router2 is the backup router because the virtual IP 10.0.0.1 was already defined on Router1, which makes Router1 the master by default.
Priority
The router with the highest priority is the active router!
You can change the priority with the following command:
Linuxsource-Router(config-if)# vrrp 1 priority 100 <-- Value 100 can be changed from 1-254
If you get the message "% tracking not supported on IP address owner", it means that the IP on that interface is used as the virtual IP. (Solution: change the IP on one of the interfaces.)
Delay
You can set a delay before the failover takes place.
A freshly rebooted router has not yet received any routing table from EIGRP, OSPF or another routing protocol.
You want the failover/fallback to happen only when the router is stable, after 300 seconds (when the routing tables are filled).
Linuxsource-Router2(config-if)# vrrp 1 preempt delay minimum 300
Track(interface)
For example, we want the failover to take place when the line protocol of FastEthernet 0/0 goes down.
Configure both routers to monitor interface FastEthernet 0/0. (Preempt is on by default when VRRP is enabled.)
Linuxsource-Router(config)# track 1 interface fastEthernet 0/0 line-protocol <--- 1 = tracking group
Linuxsource-Router(config)# interface fastEthernet 0/1
Linuxsource-Router(config-if)# vrrp 1 track 1 decrement 15 <--- decrement 15 = reduce priority by 15
Other track options:
Line protocol – is the line protocol on that specific interface up or down
Routes – is the specified route up or down
SLA probes – ping 8.8.8.8 or retrieve webpage etc.
Timers
You can specify the hello/hold times with the following command (standby is the HSRP command keyword; VRRP commands start with vrrp):
Linuxsource-Router(config-if)# standby 1 timers 1 3 <-- 1 is the hello timer and 3 the hold timer
Authentication
Set authentication so that no other (unknown) router can join this group (e.g. in a man-in-the-middle attack). Use MD5 (hash) and not plain text, because plain text can be sniffed!
You can also use a key chain, but in this example we use MD5. (Not included in the packet trace file!)
Set the string on both Router 1 and Router 2 with:
Linuxsource-Router(config-if)# vrrp 1 authentication md5 key-string My_Hashed_Key
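A defender-side check for the risk described above, as an added example that is not part of the original page: it parses VRRPv2 advertisements (IP protocol 112, RFC 3768 layout) and flags senders outside the expected router set and groups advertising with no or plain-text authentication. The router addresses come from the configs above; the function names, the 10.0.0.66 sender and the sample packet are constructed for illustration, and capturing the packets is left to your sniffer of choice.

```python
import struct
from ipaddress import IPv4Address

KNOWN_ROUTERS = {"10.0.0.2", "10.0.0.3"}  # interface IPs from the configs above
WEAK_AUTH = {0: "no authentication", 1: "a plain-text password"}  # RFC 2338 types

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advert(payload: bytes) -> dict:
    """Parse a VRRPv2 advertisement (payload of IP protocol 112)."""
    if len(payload) < 8:
        raise ValueError("truncated VRRP header")
    vt, vrid, prio, count, auth, interval, _ = struct.unpack("!BBBBBBH", payload[:8])
    if vt != 0x21:  # version 2, type 1 = advertisement
        raise ValueError("not a VRRPv2 advertisement")
    if len(payload) < 8 + 4 * count + 8:
        raise ValueError("truncated address list or authentication data")
    if inet_checksum(payload) != 0:  # a valid message sums to zero
        raise ValueError("bad checksum")
    vips = [str(IPv4Address(payload[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    return {"vrid": vrid, "priority": prio, "auth_type": auth, "vips": vips}

def audit(src_ip: str, payload: bytes) -> list:
    """Return findings for one advertisement seen on the LAN segment."""
    adv = parse_advert(payload)
    findings = []
    if src_ip not in KNOWN_ROUTERS:
        findings.append(f"unknown sender {src_ip} in group {adv['vrid']}")
    if adv["auth_type"] in WEAK_AUTH:
        findings.append(f"group {adv['vrid']} uses {WEAK_AUTH[adv['auth_type']]}")
    return findings

def build_advert(vrid: int, prio: int, auth: int, vip: str) -> bytes:
    """Constructed sample data: one advertisement with a valid checksum."""
    body = struct.pack("!BBBBBBH4s8s", 0x21, vrid, prio, 1, auth, 1, 0,
                       IPv4Address(vip).packed, bytes(8))
    return body[:6] + struct.pack("!H", inet_checksum(body)) + body[8:]

if __name__ == "__main__":
    # Constructed case: unknown host 10.0.0.66 claims group 1 without authentication.
    for finding in audit("10.0.0.66", build_advert(1, 254, 0, "10.0.0.1")):
        print(finding)
```

Any authentication type other than 0 or 1 is treated as not weak here, which is an assumption of this sketch rather than a statement about how a given vendor encodes MD5 authentication.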