- Configuring GLBP
- HSRP for IPv6
- Configuring HSRP
- HSRP Version 2
- HSRP MD5 Authentication
- HSRP Support for ICMP Redirects
- FHRP - HSRP Multiple Group Optimization
- FHRP - HSRP Group Shutdown
- SSO HSRP
- HSRP - ISSU
- FHRP - HSRP MIB
- HSRP Support for MPLS VPNs
- Configuring VRRP
- VRRPv3 Protocol Support
- VRRPv3: Object Tracking Integration
- Virtual Router Redundancy Service
- Index
VRRPv3 Protocol
Support
Note | In this module, VRRP and VRRPv3 are used interchangeably. |
For information on support of RSP module and Cisco IOS XE Releases, see Feature Compatibilty Matrix.
- Finding Feature Information
- Restrictions for VRRPv3 Protocol Support
- Information About VRRPv3 Protocol Support
- How to Configure VRRPv3 Protocol Support
- Configuration Examples for VRRPv3 Protocol Support
- Additional References
- Feature Information for VRRPv3 Protocol Support
- Glossary
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Restrictions for VRRPv3 Protocol Support
-
VRRPv3 is not intended as a replacement for existing dynamic protocols. VRRPv3 is designed for use over multi-access, multicast, or broadcast capable Ethernet LANs.
-
VRRPv3 is supported on Ethernet, Fast Ethernet, Bridge Group Virtual Interface (BVI), and Gigabit Ethernet interfaces, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs), VRF-aware MPLS VPNs, and VLANs.
-
Because of the forwarding delay that is associated with the initialization of a BVI interface, you must not configure the VRRPv3 advertise timer to a value lesser than the forwarding delay on the BVI interface. If you configure the VRRPv3 advertise timer to a value equal to or greater than the forwarding delay on the BVI interface, the setting prevents a VRRP device on a recently initialized BVI interface from unconditionally taking over the master role. Use the bridge forward-time command to set the forwarding delay on the BVI interface. Use the vrrp timers advertise command to set the VRRP advertisement timer.
-
VRRPv3 does not support Stateful Switchover (SSO).
-
VRRPv3 protocol does not support authentication.
-
Full network redundancy can only be achieved if VRRP operates over the same network path as the VRRS Pathway redundant interfaces. For full redundancy, the following restrictions apply: - VRRS pathways should not share a different physical interface as the parent VRRP group or be configured on a sub-interface having a different physical interface as the parent VRRP group.
- VRRS pathways should not be configured on Switch Virtual Interface (SVI) interfaces as long as the associated VLAN does not share the same trunk as the VLAN on which the parent VRRP group is configured.
Information About VRRPv3 Protocol Support
VRRPv3 Benefits
Support for IPv4 and IPv6
Note | When VRRPv3 is in use, VRRPv2 is unavailable. For VRRPv3 to be configurable, the fhrp version vrrp v3 command must be used in global configuration mode |
Redundancy
VRRP enables you to configure multiple devices as the default gateway device, which reduces the possibility of a single point of failure in a network.
Load Sharing
You can configure VRRP in such a way that traffic to and from LAN clients can be shared by multiple devices, thereby sharing the traffic load more equitably between available devices.
Multiple Virtual Devices
VRRP supports up to 255 virtual devices (VRRP groups) on a device physical interface, subject to restrictions in scaling. Multiple virtual device support enables you to implement redundancy and load sharing in your LAN topology. In scaled environments, VRRS Pathways should be used in combination with VRRP control groups.
Multiple IP Addresses
Note | To utilize secondary IP addresses in a VRRP group, a primary address must be configured on the same group. |
Preemption
Note | Preemption of a lower priority master device is enabled with an optional delay. |
Advertisement Protocol
VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address for VRRP advertisements. For IPv4, the multicast address is 224.0.0.18. For IPv6, the multicast address is FF02:0:0:0:0:0:0:12. This addressing scheme minimizes the number of devices that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA has assigned VRRP the IP protocol number 112.
VRRP Device Priority and Preemption
An important aspect of the VRRP redundancy scheme is VRRP device priority. Priority determines the role that each VRRP device plays and what happens if the virtual device master fails.
If a VRRP device owns the IP address of the virtual device and the IP address of the physical interface, this device will function as a virtual device master.
Priority also determines if a VRRP device functions as a virtual device backup and the order of ascendancy to becoming a virtual device master if the virtual device master fails. You can configure the priority of each virtual device backup with a value of 1 through 254 using the priority command (use the vrrp address-family command to enter the VRRP configuration mode and access the priority option).
For example, if device A, the virtual device master in a LAN topology, fails, an election process takes place to determine if virtual device backups B or C should take over. If devices B and C are configured with the priorities of 101 and 100, respectively, device B is elected to become virtual device master because it has the higher priority. If devices B and C are both configured with the priority of 100, the virtual device backup with the higher IP address is elected to become the virtual device master.
By default, a preemptive scheme is enabled whereby a higher priority virtual device backup that becomes available takes over from the virtual device backup that was elected to become virtual device master. You can disable this preemptive scheme using the no preempt command (use the vrrp address-family command to enter the VRRP configuration mode, and enter the no preempt command). If preemption is disabled, the virtual device backup that is elected to become virtual device master remains the master until the original virtual device master recovers and becomes master again.
Note | Preemption of a lower priority master device is enabled with an optional delay. |
VRRP Advertisements
The virtual router master sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the virtual router master. The VRRP advertisements are encapsulated into either IPv4 or IPv6 packets (based on the VRRP group configuration) and sent to the appropriate multicast address assigned to the VRRP group. For IPv4, the multicast address is 224.0.0.18. For IPv6, the multicast address is FF02:0:0:0:0:0:0:12. The advertisements are sent every second by default and the interval is configurable.
Cisco routers allow you to configure millisecond timers, which is a change from VRRPv2. You need to manually configure the millisecond timer values on both the primary and the backup routers. The master advertisement value displayed in the show vrrp command output on the backup routers is always 1 second because the packets on the backup routers do not accept millisecond values.
You must use millisecond timers where absolutely necessary and with careful consideration and testing. Millisecond values work only under favorable circumstances. The use of the millisecond timer values is compatible with third party vendors, as long as they also support VRRPv3. You can specify a timer value between 100 milliseconds and 40000 milliseconds.
How to Configure VRRPv3 Protocol Support
- IPv6 VRRP Link Local Address
- Enabling VRRPv3 on a Device
- Creating and Customizing a VRRP Group
- Configuring the Delay Period Before FHRP Client Initialization
IPv6 VRRP Link Local Address
VRRPv3 for IPv6 requires that a primary virtual link-local IPv6 address is configured to allow the group to operate. After the primary link-local IPv6 address is established on the group, you can add the secondary global addresses.
Enabling VRRPv3 on a Device
To enable VRRPv3 on a device, perform the following task:
1.
enable
2.
configure
terminal
3.
fhrp
version
vrrp
v3
4.
end
DETAILED STEPS
Creating and Customizing a VRRP Group
To create a VRRP group, perform the following task. Steps 6 to 14 denote customizing options for the group, and they are optional:
1.
enable
2.
configure
terminal
3.
fhrp
version
vrrp
v3
4.
interface
type
number
5.
vrrp
group-id
address-family {ipv4 |
ipv6}
6.
address
ip-address [primary |
secondary]
7.
description
group-description
8.
match-address
9.
preempt
delay
minimum
seconds
10.
priority
priority-level
11.
timers
advertise
interval
12.
vrrpv2
13.
vrrs
leader
vrrs-leader-name
14.
shutdown
15.
end
DETAILED STEPS
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable
Example: Device> enable |
Enables privileged EXEC mode. | ||
Step 2 |
configure
terminal
Example: Device# configure terminal |
Enters global configuration mode. | ||
Step 3 |
fhrp
version
vrrp
v3
Example: Device(config)# fhrp version vrrp v3 |
Enables the ability to configure VRRPv3 and VRRS.
| ||
Step 4 |
interface
type
number
Example: Device(config)# interface GigabitEthernet 0/0/0 |
Enters interface configuration mode. | ||
Step 5 |
vrrp
group-id
address-family {ipv4 |
ipv6}
Example: Device(config-if)# vrrp 3 address-family ipv4 |
Creates a VRRP group and enters VRRP configuration mode. | ||
Step 6 |
address
ip-address [primary |
secondary]
Example: Device(config-if-vrrp)# address 100.0.1.10 primary |
Specifies a primary or secondary address for the VRRP group.
| ||
Step 7 |
description
group-description
Example: Device(config-if-vrrp)# description group 3 |
(Optional) Specifies a description for the VRRP group. | ||
Step 8 |
match-address
Example: Device(config-if-vrrp)# match-address |
(Optional) Matches secondary address in the advertisement packet against the configured address. | ||
Step 9 |
preempt
delay
minimum
seconds
Example: Device(config-if-vrrp)# preempt delay minimum 30 |
(Optional) Enables preemption of lower priority master device with an optional delay. | ||
Step 10 |
priority
priority-level
Example: Device(config-if-vrrp)# priority 3 |
(Optional) Specifies the priority value of the VRRP group. | ||
Step 11 |
timers
advertise
interval
Example: Device(config-if-vrrp)# timers advertise 1000 |
(Optional) Sets the advertisement timer in milliseconds. | ||
Step 12 |
vrrpv2
Example: Device(config-if-vrrp)# vrrpv2 |
(Optional) Enables support for VRRPv2 simultaneously, so as to interoperate with devices which only support VRRP v2. | ||
Step 13 |
vrrs
leader
vrrs-leader-name
Example: Device(config-if-vrrp)# vrrs leader leader-1 |
(Optional) Specifies a leader's name to be registered with VRRS and to be used by followers. | ||
Step 14 |
shutdown
Example: Device(config-if-vrrp)# shutdown |
(Optional) Disables VRRP configuration for the VRRP group. | ||
Step 15 |
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Configuring the Delay Period Before FHRP Client Initialization
To configure the delay period before the initialization of all FHRP clients on an interface, perform the following task:
1.
enable
2.
configure
terminal
3.
fhrp
version
vrrp
v3
4.
interface
type
number
5.
fhrp
delay
{[minimum] [reload]
seconds}
6.
end
DETAILED STEPS
Command or Action | Purpose | |||
---|---|---|---|---|
Step 1 |
enable
Example: Device> enable |
Enables privileged EXEC mode. | ||
Step 2 |
configure
terminal
Example: Device# configure terminal |
Enters global configuration mode. | ||
Step 3 |
fhrp
version
vrrp
v3
Example: Device(config)# fhrp version vrrp v3 |
Enables the ability to configure VRRPv3 and VRRS.
| ||
Step 4 |
interface
type
number
Example: Device(config)# interface GigabitEthernet 0/0/0 |
Enters interface configuration mode. | ||
Step 5 |
fhrp
delay
{[minimum] [reload]
seconds}
Example: Device(config-if)# fhrp delay minimum 5 |
Specifies the delay period for the initialization of FHRP clients after an interface comes up. | ||
Step 6 |
end
Example: Device(config)# end |
Returns to privileged EXEC mode. |
Configuration Examples for VRRPv3 Protocol Support
- Example: Enabling VRRPv3 on a Device
- Example: Creating and Customizing a VRRP Group
- Example: Configuring the Delay Period Before FHRP Client Initialization
- Example: VRRP Status, Configuration, and Statistics Details
Example: Enabling VRRPv3 on a Device
The following example shows how to enable VRRPv3 on a device:
Device> enable Device# configure terminal Device(config)# fhrp version vrrp v3 Device(config-if-vrrp)# end
Example: Creating and Customizing a VRRP Group
The following example shows how to create and customize a VRRP group:
Device> enable Device# configure terminal Device(config)# fhrp version vrrp v3 Device(config)# interface gigabitethernet0/0 Device(config-if)# vrrp 3 address-family ipv4 Device(config-if-vrrp)# address 100.0.1.10 primary Device(config-if-vrrp)# description group 3 Device(config-if-vrrp)# match-address Device(config-if-vrrp)# preempt delay minimum 30 Device(config-if-vrrp)# end
Note | In the above example, the fhrp version vrrp v3 command is used in the global configuration mode. |
Example: Configuring the Delay Period Before FHRP Client Initialization
The following example shows how to configure the delay period before FHRP client initialization :
Device> enable Device# configure terminal Device(config)# fhrp version vrrp v3 Device(config)# interface gigabitethernet0/0 Device(config-if)# fhrp delay minimum 5 Device(config-if-vrrp)# end
Note | In the above example, a five-second delay period is specified for the initialization of FHRP clients after the interface comes up. You can specify a delay period between 0 and 3600 seconds. |
Example: VRRP Status, Configuration, and Statistics Details
The following is a sample output of the status, configuration and statistics details for a VRRP group:
Device> enable Device# show vrrp detail Ethernet0/0 - Group 1 - Address-Family IPv4 State is MASTER State duration 3.707 secs Virtual IP address is 1.0.0.10 Virtual MAC address is 0000.5E00.0101 Advertisement interval is 1000 msec Preemption enabled Priority is 100 Master Router is 1.0.0.1 (local), priority is 100 Master Advertisement interval is 1000 msec (expires in 686 msec) Master Down interval is unknown State is MASTER State duration 3.707 secs VRRPv3 Advertisements: sent 5 (errors 0) - rcvd 0 VRRPv2 Advertisements: sent 0 (errors 0) - rcvd 0 Group Discarded Packets: 0 VRRPv2 incompatibility: 0 IP Address Owner conflicts: 0 Invalid address count: 0 IP address configuration mismatch : 0 Invalid Advert Interval: 0 Adverts received in Init state: 0 Invalid group other reason: 0 Group State transition: Init to master: 0 Init to backup: 1 (Last change Mon Jul 30 16:42:01.856) Backup to master: 1 (Last change Mon Jul 30 16:42:05.469) Master to backup: 0 Master to init: 0 Backup to init: 0 Device# exit
Additional References
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
FHRP commands |
|
Configuring VRRPv2 |
Configuring VRRP |
Standards and RFCs
Standard/RFC |
Title |
---|---|
RFC5798 |
Virtual Router Redundancy Protocol |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for VRRPv3 Protocol Support
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.Feature Name |
Releases |
Feature Information |
---|---|---|
VRRPv3 Protocol Support |
Cisco IOS XE Release 3.8S |
VRRP enables a group of routers to form a single virtual router to provide redundancy. The LAN clients can then be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a VRRP group. The VRRPv3 Protocol Support feature provides the capability to support IPv4 and IPv6 addresses. The following commands were introduced or modified: fhrp delay, show vrrp, vrrp address-family. |
Glossary
Virtual IP address owner—The VRRP router that owns the IP address of the virtual router. The owner is the router that has the virtual router address as its physical interface address.
Virtual router—One or more VRRP routers that form a group. The virtual router acts as the default gateway router for LAN clients. The virtual router is also known as a VRRP group.
Virtual router backup—One or more VRRP routers that are available to assume the role of forwarding packets if the virtual router master fails.
Virtual router master—The VRRP router that is currently responsible for forwarding packets sent to the IP addresses of the virtual router. Usually, the virtual router master also functions as the IP address owner.
VRRP router—A router that is running VRRP.