VRRP Interface Tracking

Table 1. Feature History

Feature Name

Release Information

Description

VRRP Interface Tracking for Cisco IOS XE Catalyst SD-WAN Devices

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

Cisco vManage Release 20.7.1

This feature enables VRRP to set the edge as active or standby based on the WAN Interface or SIG tracker events and increase the TLOC preference value on a new VRRP active to ensure traffic symmetry, for Cisco IOS XE Catalyst SD-WAN Devices.

Starting this release, you can configure VRRP interface tracking through Cisco SD-WAN Manager feature template and CLI template on Cisco IOS XE Catalyst SD-WAN Devices.

Information About VRRP Interface Tracking

The Virtual Router Redundancy Protocol (VRRP) is a LAN-side protocol that provides redundant gateway service for switches and other IP end stations. In Cisco IOS XE Catalyst SD-WAN devices, you can configure VRRP on interfaces and subinterfaces using Cisco SD-WAN Manager templates and CLI add-on templates.

For more information, see Configuring VRRP.

Restrictions and Limitations

  • VRRP is only supported with service-side VPNs. If you are using subinterfaces, configure VRRP physical interfaces in VPN 0.

  • VRRP tracking is enabled on either a physical uplink interface or a logical tunnel interface (IPSEC or GRE or both).

  • The VRRP Tracking feature does not support IP prefix as an object.

  • You can use the same tracker under multiple VRRP groups or VPNs.

  • You cannot use the same track object to track multiple interfaces.

  • You can group a maximum of 16 track objects under a list track object.

  • You cannot configure tloc-change and increase-preference on more than one VRRP group.

VRRP Tracking Use Cases

The VRRP state is determined based on the tunnel link status. If the tunnel or interface is down on the primary VRRP, then the traffic is directed to the secondary VRRP. The secondary VRRP router in the LAN segment becomes primary VRRP to provide gateway for the service-side traffic.

Zscaler Tunnel Use Case 1—Primary VRRP, Single Internet Provider

The primary and secondary Zscaler tunnels are connected through a single internet provider to the primary VRRP. The primary and secondary VRRP routers are connected through using TLOC extension. In this scenario, the VRRP state transition occurs if the primary and secondary tunnels go down on primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. To avoid asymmetric routing, VRRP notifies this change to the Overlay through OMP.

Zscaler Tunnel Use Case 2—VRRP Routers in TLOC Extension, Dual Internet Providers

The primary and secondary VRRP routers are configured in TLOC extension high availability mode. The primary and secondary Zscaler tunnels are directly connected with primary and secondary VRRP routers, respectively, using dual internet providers. In this scenario too, the VRRP state transition occurs if the primary and secondary tunnels go down on primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. VRRP notifies this change to the Overlay through OMP.

TLOC Preference

Transport Locators (TLOCs) connect an OMP route to a physical location. A TLOC is directly reachable using an entry in the routing table of the physical network, or represented by a prefix beyond a NAT device.

In Cisco IOS XE Catalyst SD-WAN devices, the TLOC change increase preference value increases based on the configured value. You can configure the TLOC change increase preference value on both the active and the backup nodes.

Configure an Object Tracker

Use the Cisco System template to configure an object tracker.

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.


    Note


    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.


  3. Navigate to the Cisco System template for the device.


    Note


    To create a System template, see Create System Template


  4. Click Tracker and choose New Object Tracker to configure the tracker parameters.

    Table 2. Tracker Parameters

    Field

    Description

    Tracker Type

    Choose Interface or SIG or Route to configure the object tracker.

    Object ID

    Enter the object ID number.

    Interface

    Choose global or device-specific tracker interface name.

  5. Click Add.

  6. Optionally, to create a tracker group, click Tracker, and click Tracker Groups > New Object Tracker Groups to configure the tracker parameters.


    Note


    Ensure that you have created two trackers to create a track group.


    Table 3. Object Tracker Group Parameters

    Field

    Description

    Group Tracker ID

    Enter the name of the tracker group.

    Tracker ID

    Enter the name of the object tracker that you want to group.

    Criteria

    Choose AND or OR explicitly.

    OR ensures that the transport interface status is reported as active if either one of the associated trackers of the tracker group reports that the route is active.

    If you choose AND operation, the transport interface status is reported as active if both the associated trackers of the tracker group report that the route is active.


    Note


    Provide information in all the mandatory fields before you save the template.


  7. Click Add.

  8. Click Save.

Configure VRRP for a VPN Interface Template and Associate Interface Object Tracker

To configure VRRP for a Cisco VPN template, do the following:

  1. From the Cisco SD-WAN Manager menu, choose Configuration > Templates.

  2. Click Feature Templates.


    Note


    In Cisco vManage Release 20.7.x and earlier releases, Feature Templates is titled Feature.


  3. Navigate to the Cisco VPN Interface Ethernet template for the device.


    Note


    For information about creating a new Cisco VPN Interface Ethernet template, see Configure VPN Ethernet Interface.


  4. Click VRRP and choose IPv4.

  5. Click New VRRP to create a new VRRP or edit the existing VRRP and configure the following parameters:

    Parameter Name

    Description

    TLOC Preference Change

    (Optional) Choose On or Off to set whether the TLOC preference can be changed or not.

    TLOC Preference Change Value

    (Optional) Enter the TLOC preference change. Range: 1 to 4294967295.

  6. Click the Add Tracking Object link, and in the Tracking Object dialog box that is displayed, click Add Tracking Object.

  7. In the Tracker ID field, enter the Interface Object ID or Object Group Tracker ID.

  8. From the Action drop-down list, choose Decrement and enter the Decrement Value as 1. Cisco vEdge Devices supports decrement value of 1.

    Or

    Choose Shutdown.

  9. Click Add.

  10. Click Add to save the VRRP details.

  11. Click Save.

Configure VRRP Tracking Using CLI Templates

You can configure VRRP tracking using the CLI add-on feature templates and CLI device templates. For more information, see CLI Templates.

VRRP Object Tracking Using CLI

Interface Object Tracking using CLI

Use the following configuration to add an interface to a track list using Cisco SD-WAN Manager device CLI tempale:

Device(config)# track <object-id1> interface <interface-type-number> [line-protocol]
Device(config-tracker)# exit 
Device(config)# track < object-id2> interface <interface-type-number> [line-protocol]
Device(config-tracker)# exit 
Device(config)# track <group-object-id> list boolean [and | Or] 
Device(config-tracker)# object <object-id1>
Device(config-tracker)# object <object-id2>
Device(config-tracker)# exit
Device(config)# interface GigabitEthernet2


Device(config-if)# vrf forwarding <vrf-number>

Device(config-if)# ipv4 address <ip-address> <subnet-mask>
Device(config-if)# negotiation auto
Device(config-if)# vrrp <vrrp-number> address-family ipv4
Device(config-if-vrrp)# address <ipv4-address> [primary | secondary]
Device(config-if-vrrp)# track <object-id> [decrement <dec-value> | shutdown]
Device(config-if-vrrp)# tloc-change increase-preference <value>
Device(config-if-vrrp)# exit

SIG Container Tracking

The following example shows how to configure a track list and tracking for SIG containers using the Cisco SD-WAN Manager device CLI template.


Note


In Cisco IOS XE Catalyst SD-WAN Release 17.7.1a SIG Object Tracking, you can only set global as the variable for Service Name.


SIG Object Tracking Using CLI

Device(config)# track <object-id1> service global

Device(config-tracker)# exit 
Device(config)# track <object-id2> service global
Device(config-tracker)# exit 
Device(config)# track <group-object-id> list boolean [and | Or] 
Device(config-tracker)# object <object-id1>
Device(config-tracker)# object <object-id2>
Device(config-tracker)# exit

Device(config)# interface GigabitEthernet2

Device(config-if)# vrf forwarding <vrf-number>

Device(config-if)# ip address <ip-address> <subnet-mask>
Device(config-if)# negotiation auto
Device(config-if)# vrrp <vrrp-number> address-family ipv4
Device(config-if-vrrp)# address <ipv4-address> [primary | secondary]
Device(config-if-vrrp)# track <object-id> [decrement <dec-value> | shutdown]
Device(config-if-vrrp)# tloc-change increase-preference <value>
Device(config-if-vrrp)#exit

Configuration Example for VRRP Object Tracking Using CLI

Interface Object Tracking Using CLI

config-transaction
  track 100 interface Tunnel123 line-protocol
   exit
 track 200 interface GigabitEthernet5 line-protocol
  exit
track 400 list boolean and
  object 100
  object 200
  exit
 
interface GigabitEthernet2
 vrf forwarding 1
 ip address 10.10.1.1 255.255.255.0
 negotiation auto
vrrp 1 address-family ipv4
  address 10.10.1.10 primary
  track 400 decrement 10
  tloc-change increase-preference 333
  exit

Configuration Examples for SIG Object Tracking

SIG Object Tracking Using CLI

config-transaction
  track 1 service global
  exit
  exit 
  track 2 service global
track 3 list boolean and
  object 1
  object 2
  exit
 
interface GigabitEthernet2
 vrf forwarding 1
 ip address 10.10.1.1 255.255.255.0
 negotiation auto
vrrp 1 address-family ipv4
  address 10.10.1.10 primary
  track 3 decrement 10
  tloc-change increase-preference 333
  exit

Monitor VRRP Configuration

To view information about VRRP configuration:

  1. From the Cisco SD-WAN Manager menu, choose Monitor > Devices.

    Cisco vManage Release 20.6.x and earlier: From the Cisco SD-WAN Manager menu, choose Monitor > Network.

  2. Choose a device from the list of devices.

  3. Click Real Time.

  4. From the Device Options drop-down list, choose VRRP Information.


    Note


    You can view the status of the VRRP configuration in Track State.


Verify VRRP Tracking

Device# show vrrp

The following is a sample output for the show vrrp command:

GigabitEthernet2 - Group 1 - Address-Family IPv4
  State is MASTER
  State duration 37 mins 52.978 secs
  Virtual IP address is 10.10.1.10
  Virtual MAC address is 0000.5E00.0101
  Advertisement interval is 1000 msec
  Preemption enabled
  Priority is 100
  State change reason is VRRP_TRACK_UP
  Tloc preference configured, value 333
    Track object 400 state UP decrement 10 
  Master Router is 10.10.1.1 (local), priority is 100
  Master Advertisement interval is 1000 msec (expires in 607 msec)
  Master Down interval is unknown
  FLAGS: 1/1

Device# show track brief

The following is a sample output for the show track brief command:

Track Type        Instance                   Parameter        State Last Change
100   interface   Tunnel123                  line-protocol    Up    00:12:48
200   interface   GigabitEthernet5           line-protocol    Up    00:49:57
400   list                                   boolean          Up    00:12:47
 

Device# show track list

The following is a sample output for the show track list command:


Track 400
  List boolean and
  Boolean AND is Up
    6 changes, last change 00:12:58
    object 100 Up
    object 200 Up
  Tracked by:
    VRRPv3 GigabitEthernet2 IPv4 group 1

Device# show track list brief

The following is a sample output for the show track brief command:

Track Type        Instance                   Parameter        State Last Change
400   list                                   boolean          Up    00:13:02