IP Addresses and Services Configuration Guide for Cisco NCS 6000 Routers, IOS XR Release 7.2.x
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The Virtual Router
Redundancy Protocol (VRRP) feature allows for transparent failover at the
first-hop IP router, enabling a group of routers to form a single virtual
router.
Feature History
for Implementing VRRP
Release
Modification
Release 5.0.0
This feature was introduced.
Prerequisites for Implementing VRRP on Cisco IOS XR Software
You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include
the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact
your AAA administrator for assistance.
Information About
Implementing VRRP
To implement VRRP
on
Cisco IOS XR software, you need to understand the following concepts:
VRRP
Overview
A LAN client can use a
dynamic process or static configuration to determine which router should be the
first hop to a particular remote destination. The client examples of dynamic
router discovery are as follows:
Proxy ARP—The
client uses Address Resolution Protocol (ARP) to get the destination it wants
to reach, and a router responds to the ARP request with its own MAC address.
Routing
protocol—The client listens to dynamic routing protocol updates (for example,
from Routing Information Protocol [RIP]) and forms its own routing table.
IRDP (ICMP Router
Discovery Protocol) client—The client runs an Internet Control Message Protocol
(ICMP) router discovery client.
The drawback to
dynamic discovery protocols is that they incur some configuration and
processing overhead on the LAN client. Also, in the event of a router failure,
the process of switching to another router can be slow.
An alternative to
dynamic discovery protocols is to statically configure a default router on the
client. This approach simplifies client configuration and processing, but
creates a single point of failure. If the default gateway fails, the LAN client
is limited to communicating only on the local IP network segment and is cut off
from the rest of the network.
The Virtual Router
Redundancy Protocol (VRRP) feature can solve the static configuration problem.
VRRP is an IP routing redundancy protocol designed to allow for transparent
failover at the first-hop IP router. VRRP enables a group of routers to form a
single
virtual
router. The LAN clients can then be configured with the virtual router
as their default gateway. The virtual router, representing a group of routers,
is also known as a
VRRP group.
For example,
Basic VRRP
Topology shows a LAN topology in which VRRP
is configured. In this example, Routers A, B, and C are
VRRP routers
(routers running VRRP) that compose a virtual router. The IP address of the
virtual router is the same as that configured for the interface of Router A
(10.0.0.1).
Because the virtual router uses the IP address of the physical interface of Router A, Router A assumes the role of the IP address owner. As the IP address owner router, Router A controls the IP address of the virtual router and is responsible for forwarding packets
sent to this IP address. Clients 1 through 3 are configured with the default gateway IP address of 10.0.0.1.
Routers B and C function as backup virtual routers. If the IP address owner router fails, the router configured with the higher priority becomes the IP address owner virtual
router and provides uninterrupted service for the LAN hosts. When Router A recovers, it becomes the IP address owner virtual
router again.
Note
We recommend that you disable Spanning Tree Protocol (STP) on switch
ports to which the virtual routers are connected. Enable RSTP or rapid-PVST on
the switch interfaces if the switch supports these protocols.
Multiple Virtual
Router Support
You can configure up
to 255
virtual routers on a router
physical
interface.
The actual number of virtual routers that a router interface can
support depends on the following factors:
Router processing
capability
Router memory
capability
Router interface
support of multiple MAC addresses
In a topology where multiple virtual routers are configured on a router interface, the interface can act as a IP address owner
for one or more virtual routers and as a backup for one or more virtual routers.
VRRP Router
Priority
An important aspect of the VRRP redundancy scheme is VRRP router priority. Priority determines the role that each VRRP router
plays and what happens if the IP address owner virtual router fails.
If a VRRP router owns the IP address of the virtual router and the IP address of the physical interface, this router functions
as a IP address owner virtual router.
Priority also determines if a VRRP router functions as a backup virtual router and determines the order of ascendancy to becoming a IP address
owner virtual router if the IP address owner virtual router fails. You can configure the priority of each backup virtual router
with a value of 1 through 254, using the vrrp priority command.
For example, if Router A, the IP address owner virtual router in a LAN topology, fails, an election process takes place to
determine if backup virtual Routers B or C should take over. If Routers B and C are configured with the priorities of 101
and 100, respectively, Router B is elected to become IP address owner virtual router because it has the higher priority. If
Routers B and C are both configured with the priority of 100, the backup virtual router with the higher IP address is elected
to become the IP address owner virtual router.
By default, a preemptive scheme is enabled whereby a higher-priority backup virtual router that becomes available takes over
for the
backup virtual router that was elected to become IP address owner virtual router. You can disable this preemptive scheme using the no vrrp preemptcommand. If preemption is disabled, the backup virtual router that is elected to become IP address owner router
virtual router remains the IP address owner router
until the original IP address owner virtual router recovers and becomes
IP address owner router again.
VRRP Advertisements
The IP address owner virtual router sends VRRP advertisements to other VRRP routers in the same group. The advertisements
communicate the priority and state of the IP address owner virtual router. The VRRP advertisements are encapsulated in IP
packets and sent to the IP Version 4 multicast address assigned to the VRRP group. The advertisements are sent every second
by default; the interval is configurable.
Benefits of
VRRP
The benefits of VRRP
are as follows:
Redundancy— VRRP
enables you to configure multiple routers as the default gateway router, which
reduces the possibility of a single point of failure in a network.
Load Sharing—You
can configure VRRP in such a way that traffic to and from LAN clients can be
shared by multiple routers, thereby sharing the traffic load more equitably
among available routers.
Multiple Virtual
Routers—VRRP supports up to
virtual routers (VRRP groups) on a router
interface, subject to the platform supporting multiple MAC
addresses. Multiple virtual router support enables
you to implement redundancy and load sharing in your LAN topology.
Multiple IP
Addresses—The virtual router can manage multiple IP addresses, including
secondary IP addresses. Therefore, if you have multiple subnets configured on
an Ethernet interface, you can configure VRRP on each subnet.
Preemption—The redundancy scheme of VRRP enables you to preempt a backup virtual router that has taken over for a failing
IP address owner virtual router with a higher-priority backup virtual router that has become available.
Text
Authentication—You can ensure that VRRP messages received from VRRP routers
that comprise a virtual router are authenticated by configuring a simple text
password.
Advertisement
Protocol—VRRP uses a dedicated Internet Assigned Numbers Authority (IANA)
standard multicast address (224.0.0.18) for VRRP advertisements. This
addressing scheme minimizes the number of routers that must service the
multicasts and allows test equipment to accurately identify VRRP packets on a
segment. The IANA assigns VRRP the IP protocol number 112.
Configuring VRRP
This section contains instructions for configuring VRRP for IPv4 and IPv6 networks.
Note
The VRRP virtual router id (vrid) has to be different for different sub-interfaces, for a given physical interface.
Configuring VRRP for IPv4 Networks
This section describes the procedure for configuring and verifying VRRP for IPv4 networks.
Configuration
Use the following configuration for configuring VRRP for IPv4 networks.
Note
Certain customizations (as mentioned) are recommended to control the behavior of the VRRP group on committing the VRRP configuration
on the Router. If the following customizations are not configured, then the Router seizes control of the VRRP group, and immediately
assumes the role of the IP address owner virtual Router.
/* Enter the interface configuration mode and configure an IPv4 address for the interface. */
Router(config)# interface gigabitEthernet 0/0/0/1
Router(config-if)# ipv4 address 10.10.10.1 255.255.255.0
Router(config-if)# no shut
Router(config-if)# commit
Fri Dec 8 13:49:24.142 IST
Router:Dec 8 13:49:24.285 : ifmgr[402]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Down
Router:Dec 8 13:49:24.711 : ifmgr[402]: %PKT_INFRA-LINK-3-UPDOWN : Interface GigabitEthernet0/0/0/1, changed state to Up
Router(config-if)# exit
Router(config)# do show ip int brief
Fri Dec 8 13:50:05.505 IST
Interface IP-Address Status Protocol Vrf-Name
GigabitEthernet0/0/0/0 unassigned Shutdown Down default
GigabitEthernet0/0/0/1 10.10.10.1 Up Up default
GigabitEthernet0/0/0/2 unassigned Shutdown Down default
GigabitEthernet0/0/0/3 unassigned Shutdown Down default
GigabitEthernet0/0/0/4 unassigned Shutdown Down default
/* Enter the VRRP configuration mode and add the configured interface. */
Router(config)# router vrrp
Router(config-vrrp)# interface GigabitEthernet 0/0/0/1
/* CUSTOMIZATION: Configure a delay for the startup of the state machine when the interface comes up. */
Router(config-vrrp)# delay minimum 2 reload 10 */
/* Configure VRRP version 3 for IPv4 */
Router(config-vrrp-if)# address-family ipv4 vrrp 100 version 3
Router(config-vrrp-virtual-router)# address 10.10.10.1
/* CUSTOMIZATION: Disable the installation of routes for the VRRP virtual addresses. */
Router(config-vrrp-virtual-Router)# accept-mode disable
/* CUSTOMIZATION: Set a priority for the virtual Router. */
Router(config-vrrp-virtual-Router)# priority 254
/* CUSTOMIZATION: Configure a preempt delay value that controls the selection of the IP address owner virtual Router. */
Router(config-vrrp-virtual-Router)# preempt delay 15
/* CUSTOMIZATION: Configure the interval between successive advertisements by the IP address owner virtual Router. */
Router(config-vrrp-virtual-Router)#timer 4
/* CUSTOMIZATION: Configure VRRP to track an interface. */
Router(config-vrrp-virtual-Router)# track interface GigabitEthernet0/0/0/1 30
/* Commit the configuration */
Router(config-vrrp-virtual-Router)# commit
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
You have successfully configured VRRP for IPv4 networks.
Validation
Use the following commands to validate the configuration.
/* Validate the configuration */
Router(config-vrrp-virtual-router)# do show run interface GigabitEthernet 0/0/0/1
Fri Dec 8 15:04:38.140 IST
interface GigabitEthernet0/0/0/1
ipv4 address 10.10.10.1 255.255.255.0
!
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––--
Router(config)# show running-config router vrrp
Fri Dec 8 13:50:18.959 IST
router vrrp
interface GigabitEthernet0/0/0/1
delay minimum 2 reload 10
address-family ipv4
vrrp 100 version 3
priority 254
preempt delay 15
timer 4
track interface GigabitEthernet0/0/0/2 30
address 10.10.10.1
accept-mode disable
!
!
!
–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––--
Router(config-vrrp-virtual-router)# do show vrrp ipv4 interface gigabitEthernet 0/0/0/1
Fri Dec 8 15:02:56.952 IST
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
Gi0/0/0/1 100 255 A P Master local 10.10.10.1
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––--
Router(config-vrrp-virtual-router)# end
Router# show vrrp detail
Fri Dec 8 15:08:36.469 IST
GigabitEthernet0/0/0/1 - IPv4 vrID 100
State is Master, IP address owner
1 state changes, last state change 01:19:06
State change history:
Dec 8 13:49:30.147 IST Init -> Master Delay timer expired
Last resign sent: Never
Last resign received: Never
Virtual IP address is 10.10.10.1
Virtual MAC address is 0000.5E00.0164, state is activeMaster router is local
Version is 3
Advertise time 1 secs
Master Down Timer 3.003 (3 x 1 + (1 x 1/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 255
Configured priority 100, may preempt
minimum delay 0 secs
You have successfully validated VRRP for IPv4 networks.
Configuring VRRP for IPv6 Networks
This section describes the procedure for configuring and verifying VRRP for IPv6 networks.
Configuration
The following sample includes the configuration and customization of VRRP for IPv6 networks.
Note
Certain customizations (as mentioned) are recommended to control the behavior of the VRRP group on committing the VRRP configuration
on the Router. If the following customizations are not configured, then the Router seizes control of the VRRP group, and immediately
assumes the role of the IP address owner virtual Router.
/* Enter the interface configuration mode and configure an IPv6 address */
Router# interface GigabitEthernet 0/0/0/2
Router(config-if)# ipv6 address 10::1/64
Router(config-if)# no shut
/* Exit the interface configuration mode and enter the vrrp configuration mode */
Router(config-if)# exit
Router(config)# Router vrrp
/* Add the configured interface for VRRP */
Router(config-vrrp)# interface GigabitEthernet 0/0/0/2
/* CUSTOMIZATION: Configure a delay for the startup of the state machine when the interface comes up. */
Router(config-vrrp)# delay minimum 2 reload 10 */
/* Enable the IPv6 global and link local address family on the interface */
Router(config-vrrp-if)# address-family ipv6 vrrp 50
Router(config-vrrp-virtual-Router)# address linklocal autoconfig
/* CUSTOMIZATION: Disable the installation of routes for the VRRP virtual addresses. */
Router(config-vrrp-virtual-Router)# accept-mode disable
/* CUSTOMIZATION: Set a priority for the virtual Router. */
Router(config-vrrp-virtual-Router)# priority 254
/* CUSTOMIZATION: Configure a preempt delay value that controls the selection of the IP address owner virtual Router. */
Router(config-vrrp-virtual-Router)# preempt delay 15
/* CUSTOMIZATION: Configure the interval between successive advertisements by the IP address owner virtual Router. */
Router(config-vrrp-virtual-Router)#timer 4
/* CUSTOMIZATION: Configure VRRP to track an interface. */
Router(config-vrrp-virtual-Router)# track interface GigabitEthernet0/0/0/2 30
/* Commit the configuration */
Router(config-vrrp-virtual-Router)# commit
You have successfully configured VRRP for IPv6 networks.
Validation
Use the following commands to validate the configuration.
/* Validate the configuration */
Router(config-vrrp-virtual-router)# do show run interface GigabitEthernet 0/0/0/2
Fri Dec 8 14:55:48.378 IST
interface GigabitEthernet0/0/0/2
ipv6 address 10::1/64
!
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
Router(config-vrrp-virtual-router)# do show running-config router vrrp
...
router vrrp
interface GigabitEthernet0/0/0/2
delay minimum 2 reload 10
address-family ipv6
vrrp 50
priority 254
preempt delay 15
timer 4
track interface GigabitEthernet0/0/0/2 30
address linklocal autoconfig
accept-mode disable
!
!
!
!
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
Router(config-vrrp-virtual-router)# do show vrrp ipv6 interface gigabitEthernet 0/0/0/2
Fri Dec 8 14:59:25.547 IST
IPv6 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addr
Gi0/0/0/2 50 254 P Master local
fe80::200:5eff:fe00:203
––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––-
Router(config-vrrp-virtual-router)# end
Router# show vrrp detail
Fri Dec 8 15:08:36.469 IST
GigabitEthernet0/0/0/2 - IPv6 vrID 50
State is Master
2 state changes, last state change 00:18:01
State change history:
Dec 8 14:50:23.326 IST Init -> Backup Virtual IP configured
Dec 8 14:50:35.365 IST Backup -> Master Master down timer expired
Last resign sent: Never
Last resign received: Never
Virtual IP address is fe80::200:5eff:fe00:203
Virtual MAC address is 0000.5E00.0203, state is active
Master router is local
Advertise time 4 secs
Master Down Timer 12.031 (3 x 4 + (2 x 4/256))
Minimum delay 2 sec, reload delay 10 sec
Current priority 254
Configured priority 254, may preempt
minimum delay 15 secs
Tracked items: 1/1 up: 0 decrement
Object name State Decrement
GigabitEthernet0/0/0/2 Up 30
You have successfully validated VRRP for IPv6 networks.
Clearing VRRP Statistics
Use the clear vrrp statistics command to clear all the software counters for the
specified virtual router.
Clears all software counters for the specified virtual router.
If no interface is specified, statistics of all virtual routers are
removed.
MIB support for VRRP
VRRP enables one or more IP addresses to be assumed by a router when a failure occurs. For example, when IP traffic from a
host reaches a failed router because the failed router is the default gateway, the traffic is transparently forwarded by the
VRRP router that has assumed control. VRRP does not require configuration of dynamic routing or router discovery protocols
on every end host. The VRRP router controlling the IP address(es) associated with a virtual router is called the IP address
owner router, and forwards packets sent to these IP addresses. The election process provides dynamic fail over(standby) in
the forwarding responsibility should the IP address owner router become unavailable. This allows any of the virtual router
IP addresses on the LAN to be used as the default first hop router by end-hosts.The advantage gained from using VRRP is a
higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every
end-host. SNMP traps provide information of the state changes, when the virtual routers(in standby) are moved to IP address
owner router's state or if the standby router is made IP address owner router.
Configuring SNMP
server notifications for VRRP events
The
snmp-server traps
vrrp events command enables the Simple Network Management Protocol (SNMP)
server notifications (traps) for VRRP.
Pseudowire Headend (PWHE) is a technology that allows termination of access pseudowires (PWs) into a Layer 3 (VRF or global)
domain or into a Layer 2 domain. This feature enables you to configure VRRP on PWHE interfaces to provide redundancy between
two routers that are connected through PWHE interfaces .
For more information about PWHE interfaces, see the chapter Implementing Multipoint Layer 2 Services of the L2VPN and Ethernet Services Configuration Guide for Cisco ASR 9000 Series Routers.
Configuration Example
To configure VRRP on PWHE interfaces, use the following steps:
Enter the VRRP configuration mode.
Configure a PWHE interface.
Configure the VRRP address family for IPv4 and IPv6.
Configuration
/* Enter the VRRP configuration mode. */
Router# configure
Router(config)# router vrrp
/* Configure a PWHE interface. */
Router# (config-vrrp)# interface pw-Ether 1000
/* Configure the VRRP address family for IPv4 and IPv6. */
Router(config-vrrp-if)# address-family ipv4 vrrp
Router(config-vrrp-virtual-router)# address 172.16.0.0
Router(config-vrrp-virtual-router)# vrrp 1
Router(config-vrrp-virtual-router)# commit
Router(config-vrrp-address-family)# exit
Router(config-vrrp-if)# exit
Router(config-vrrp-if)# address-family ipv6 vrrp 1
Router(config-vrrp-virtual-router)# address global 2001:DB8::1
Router(config-vrrp-virtual-router)# address linklocal autoconfig
Router(config-vrrp-virtual-router)# commit
Use the following command to verify the configuration of VRRP on PWHE interfaces:
Router# show run interface pw-ether 1000
interface PW-Ether1000
ipv4 address 172.16.0.0 255.255.255.0
ipv6 address 2001:DB8::1/125
attach generic-interface-list pwhe_vrrp
!
Use the following command to verify the details of VRRP configuration on PWHE interfaces:
Router# show vrrp interface pw-Ether 1000 detail
PW-Ether1000 - IPv4 vrID 1
State is Backup
1 state changes, last state change 2d08h
State change history:
Nov 24 11:47:16.585 IST Init
Last resign sent: Never
Last resign received: Never
Virtual IP address is 172.16.0.0
Virtual MAC address is 0000.5E00.0101, state is reserved
Master router is 172.16.0.1, priority 100
Version is 2
Advertise time 1 secs
Master Down Timer 3.609 (3 x 1 + (156 x 1/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 100
Configured priority 100, may preempt
minimum delay 0 secs
PW-Ether1000 - IPv6 vrID 1
State is Backup
1 state changes, last state change 2d08h
State change history:
Nov 24 11:47:19.600 IST Init
Last resign sent: Never
Last resign received: Never
Virtual IP address is 2001:DB8::1/125
Secondary Virtual IP address is 2001:DB8:FFFF:FFFF:FFFF:FFFE:FFFF:FFFF
Virtual MAC address is 0000.5E00.0201, state is reserved
Master router is 2001:DB8::2
Version is 3
Advertise time 1 secs
Master Down Timer 3.609 (3 x 1 + (156 x 1/256))
Minimum delay 1 sec, reload delay 5 sec
Current priority 100
Configured priority 100, may preempt
minimum delay 0 secs
Use the following command to verify VRRP state and priority of the current router:
Router# show vrrp interface pw-Ether 1000
IPv4 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addrPE1000 1 100 P Backup 172.16.0.1 172.16.0.0
IPv6 Virtual Routers:
A indicates IP address owner
| P indicates configured to preempt
| |
Interface vrID Prio A P State Master addr VRouter addrPE1000 1 100 P Backup 2001:DB8::2 fe80::200:5eff:fe00:201
Hot Restartability for VRRP
In the event of failure of a VRRP process in one group, forced failovers in peer VRRP IP address owner router groups should
be prevented. Hot restartability supports warm RP failover without incurring forced failovers to peer VRRP routers.
Configuration Examples for VRRP Implementation on Cisco IOS XR Software
This section provides the following VRRP configuration examples:
Configuring a VRRP
Group: Example
This section
provides the following configuration example of Router A and Router B, each
belonging to three VRRP groups:
In the configuration
example, each group has the following properties:
Virtual Router
1:
Virtual IP
address is 10.
.0.
.
Router A will become the IP address owner router for this group with priority 120.
Advertising
interval is 3 seconds.
is
.
is enabled.
Virtual Router
5:
is
.
is
.
Virtual Router
100:
Advertising interval is the default 1 second.
Preemption
is
.
is disabled.
Clearing VRRP
Statistics: Example
The
clear vrrp
statistics command produces no output of its own. The command modifies the
statistics given by
show vrrp
statistics command so that all the statistics are reset to zero.
The following
section provides examples of the output of the
show vrrp
statistics command followed by the
clear vrrp
statistics command:
RP/0/RP0/CPU0:router# show vrrp statistics
show vrrp statistics
Invalid packets:
Invalid checksum: 0
Unknown/unsupported versions: 0
Invalid vrID: 10
Too short: 0
Protocol:
Transitions to Master 6
Packets:
Total received: 155
Bad TTL: 0
Failed authentication: 0
Unknown authentication: 0
Conflicting authentication: 0
Unknown Type field: 0
Conflicting Advertise time: 0
Conflicting Addresses: 0
Received with zero priority: 3
Sent with zero priority: 3
RP/0/RP0/CPU0:router# clear vrrp statisticsRP/0/RP0/CPU0:router
Additional
References
The following
sections provide references related to VRRP.
No new or
modified RFCs are supported by this feature, and support for existing RFCs has
not been modified by this feature.
—
Technical
Assistance
Description
Link
The
Cisco Technical Support website contains thousands of pages of searchable
technical content, including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users can log in from this page
to access even more content.