CCIE, the beginning!

GO

HOME

ABOUT

POSTS

ROUTING PROTOCOLS

IPV6

MULTICAST

IP SERVICES

BGP

MHSRP and Load Sharing

ANIMATION

SECURITY

TROUBLESHOOTING

COMMENTS

FRAME RELAY

GLBP (Gateway Load Balancing Protocol)

VRRP and Load Sharing

AUGUST 31, 2008

1 COMMENT

3 Votes
VRRP is the IEEE standard equivalent of HSRP, Cisco proprietary.

Categories
Select Category

VRRP differs slightly from HSRP:

one Master is elected, Active for HSRP.
one or more backup Routers against only one standby router for HSRP, hence the presence of skew time to
organize their participation to the election.
can use real IP address as the virtual IP.
use 224.0.0.18, udp(112).
VRRP use the same concept of multiple group to achieve load sharing.

SEARCH

Recent Posts
IPv6 multicast over IPv6 IPSec VTI
Lets 6rd!
WCCPv2 and Squid-cache v3.1, a nice couple.

Hold = 3xAdvertisment + skew time.

OSPF external E1, E2, N1, N2Who is

the winner?

Advertisement , called Hello in HSRP.

Administrative Distance, prefix length, metric

Who is the winner?

Skew time = 1-(priority/256).

6to4 802.1q ACL ASSERT Auto-RP

BGP

The skew time is inversely proportional to the priority, the hypothetical topology depicted in figure 1 better illustrates
the utility that lurks behind the concept.

autonomous system
BGP attribute
Bidirectional Boot-Strap Router BSR CBAC CGMP

Figure1: skew time and priority

confederation context-based Firewall

DHCPv6

DMVPN eBGP EIGRP Frame Relay

GLBP GRE high avilability HSRP iBGP IGMP
Inverse ARP IOS IOS FW IPSec

IPv6 IPv6

EIGRP ipv6 GRE IPv6 QoS ISATAP link-local LMI Load

Balancing mGRE Multicast

NAT NAT-PT NBMA NHRP normalcommit NVI OSPF OSPFv3 Path
selection PIM PIM-DM PIM-Sparse
mode point-to-multipoint point-to-point Policing
prune override pseudobroadcast QoS Quality of

rapid-commit redistribution
relay Rendez-vous Point RIB RIP
Service

The hold time allows backup routers to be aware of a failure of the master for them to be able to send their
advertisements and participate to the election of the new master, but with many routers as backup with different
priorities it is clear that only the backup router with the highest priority will become the Master, so there is no need
for the others to participate to the masquerade : ); thereby, using the skew time, only the backup router with the next
highest priority will send its advertisements, become the Master and inform all others, if for any reason it is also not
available, The next highest priority backup router will claim the master state.

route reflector RP Security shared path Source path

Tree Sparse troubleshooting unicast FE80

VRF-lite VRRP
Email Subscription

This lab (Figure2) shows how to configure multiple VRRP groups to implement load sharing

Enter your email address to subscribe to this

blog and receive notifications of new posts by
email.

Figure 2: lab topology

Join 225 other followers

converted by Web2PDFConvert.com

Sign me up!

Meta
Register
Log in
Entries RSS
Comments RSS
WordPress.com

Pages
About

AJ NOURI on
The layer2 switch connects VLAN10 and VLAN20 to the group of Layer3 devices router R2 and multilayer switch
MLS that participate in VRRP.
R2 will be Master router for group20 (VLAN20 group) and MLS the backup gateway and vice versa, MLS will be the
Master gateway for VLAN10 and R2 the backup gateway.
This is implemented in R2 using different sub-interfaces for each VLAN entering the router through Fa1/0 with dot1q
encapsulation.
In MLS the upstream interface is a routed interface (disabled switching) and SVI VLAN10 and VLAN20 are used to
receive traffic from each VLAN on the trunk interface Fa0/1.
The Lab is organized as follow:

August 2008
M

- VRRP configuration
- VRRP Verification
- Testing
- MLS failure

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

Jul

Sep

- MLS recovery
- R2 tracked interface failure
- R2 tracked interface recovery

VRRP CONFIGURATION
MLS:

track 1 interface FastEthernet0/0 line-protocol

interface Vlan10
ip address 192.168.10.3 255.255.255.0
vrrp 10 ip 192.168.10.1
vrrp 10 preempt delay minimum 60

Archives
October 2013
May 2013
April 2013

vrrp 10 priority 200

vrrp 10 track 1 decrement 100

March 2013
January 2013

converted by Web2PDFConvert.com

December 2012
November 2012

interface Vlan20

September 2012

ip address 192.168.20.3 255.255.255.0

January 2012

vrrp 20 ip 192.168.20.1

December 2011
October 2011

no vrrp 20 preempt
September 2011

vrrp 20 priority 150

July 2011
April 2011

R2:

track 1 interface FastEthernet0/0 line-protocol

February 2011
November 2010
July 2010

interface FastEthernet1/0.10

June 2010
March 2010

encapsulation dot1Q 10
January 2010

ip address 192.168.10.2 255.255.255.0

November 2009

vrrp 10 ip 192.168.10.1

July 2009

vrrp 10 priority 150

February 2009
January 2009
December 2008

interface FastEthernet1/0.20
encapsulation dot1Q 20

November 2008
October 2008
September 2008

ip address 192.168.20.2 255.255.255.0

August 2008

vrrp 20 ip 192.168.20.1

July 2008

vrrp 20 preempt delay minimum 60

June 2008
May 2008

vrrp 20 priority 200

April 2008

vrrp 20 track 1 decrement 100

March 2008

All First Hop Redundancy protocols like HSRP, VRRP and GLBP allow the use of object tracking which provides
enhanced capability to track different object like:
- Interface.
- Line protocol state.
- Reachability of IP route.
- Threshold of IP routing metric.
- IP SLAoperations.
- List of boolean expression and threshold weight.
For the purpose of the lab we track only the line protocol status.

VRRP VERIFICATION

NetworkedBlogs
Blog:
CCIE, the beginning!
Topics:
Ccie, Cisco, Ipv6
Follow my blog

Initial VRRP status:

MLS:

MLS#sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10
10
200 3218 Y
Master
192.168.10.3
converted by Web2PDFConvert.com

192.168.10.3
192.168.10.1
Vl20
20
150 3414 Backup
192.168.20.2
192.168.20.1
MLS#

MLS#sh vrrp
Vlan10 Group 10
State is Master
Virtual IP address is 192.168.10.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled, delay min 60 secs
Priority is 200
Track object 1 state Up decrement 100
Master Router is 192.168.10.3 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec

Vlan20 Group 20
State is Backup
Virtual IP address is 192.168.20.1
Virtual MAC address is 0000.5e00.0114
Advertisement interval is 1.000 sec
Preemption disabled
Priority is 150
Master Router is 192.168.20.2, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec (expires in 2.406 sec)

MLS#

MLS VLAN10 SVI is the master gateway interface for VLAN10 with the highest priority of 200 and MLS VLAN20 SVI is
the backup gateway interface for VLAN20 (<R2 Fa1/0.20 interface priority).

R2:

R2#sh vrrp
Mar 1 01:26:54.243: %SYS-5-CONFIG_I: Configured from console by admin on
console brief
Interface Grp Pri Time Own Pre State Master addr Group addr

converted by Web2PDFConvert.com

Fa1/0.10
10
150 3414 Y Backup
192.168.10.3
192.168.10.1
Fa1/0.20
20
200 3218 Y Master
192.168.20.2
192.168.20.1
R2#

R2#sh vrrp
FastEthernet1/0.10 Group 10
State is Backup
Virtual IP address is 192.168.10.1
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 192.168.10.3, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec (expires in 2.538 sec)

FastEthernet1/0.20 Group 20
State is Master
Virtual IP address is 192.168.20.1
Virtual MAC address is 0000.5e00.0114
Advertisement interval is 1.000 sec
Preemption enabled, delay min 60 secs
Priority is 200
Track object 1 state Up decrement 100
Master Router is 192.168.20.2 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec

R2#

R2 Fa1/0.20 is the master gateway interface for VLAN20 with the highest priority of 200 and intfa1/0.10 is the backup
gateway interface for VLAN20 with priority of 150 (< MLS SVI VLAN10 priority).

Connectivity

converted by Web2PDFConvert.com

R10(VLAN10):

R10#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.2 8 cc01.154c.0010 ARPA FastEthernet0/0
Internet 192.168.10.3 52 cc02.1714.0000 ARPA FastEthernet0/0
Internet 192.168.10.1 26 0000.0c07.ac0a ARPA FastEthernet0/0
Internet 192.168.10.10 cc04.1714.0000 ARPA FastEthernet0/0
R10#

Using ARP for the default gateway IP 192.168.10.1, R10 has resolved the virtual MAC defined by VRRP group.

R10#trace 10.10.10.1

Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.3 88 msec 60 msec 76 msec

2 192.168.13.1 124 msec 88 msec 64 msec
3 10.10.10.1 184 msec 88 msec 92 msec
R10#

According to the initial VRRP state, MLS should be the Master VRRP router for the group 10 which is confirmed by
result of trace command.
R20(VLAN20):

R20#trace 10.10.10.1

Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 108 msec 48 msec 28 msec

2 192.168.12.1 92 msec 104 msec 96 msec
3 10.10.10.1 104 msec 72 msec 64 msec
R20#

According to the initial VRRP state, R2 should be the Master VRRP router for the group 20 which is confirmed by
result of trace command.

R20#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.20.20 cc05.1714.0000 ARPA FastEthernet0/0
Internet 192.168.20.1 15 0000.5e00.0114 ARPA FastEthernet0/0
Internet 192.168.20.2 14 cc01.154c.0010 ARPA FastEthernet0/0
Internet 192.168.20.3 56 cc02.1714.0000 ARPA FastEthernet0/0
R20#

converted by Web2PDFConvert.com

Using ARP for the default gateway IP 192.168.20.1, R20 has resolved the virual MAC defined by VRRP group.

TESTING
MLS failure:
In this case MLS is shutdown to simulate a router failure.
R2:

R2#
Mar 1 01:57:20.039: VRRP: Grp 10 Event Master down timer expired
Mar 1 01:57:20.039: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Backup ->
Master
Mar 1 01:57:30.439: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3
(FastEthernet1/0.20) is down: holding time expired
Mar 1 01:57:30.551: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3
(FastEthernet1/0.10) is down: holding time expired
R2#

After the hold timer expires for VRRP group 10, MLS is considered down and R2 interface fa1/0.10 take over the
Master status and become the forwarder, this is confirmed by the traffic that VLAN10 takes to reach the upstream
destination:

R2#sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr
Fa1/0.10
10
150 3414 Y Master
192.168.10.2
192.168.10.1
Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1
R2#

R10#trace 10.10.10.1

Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.10.2 68 msec 44 msec 60 msec

2 192.168.12.1 152 msec 92 msec 92 msec
3 10.10.10.1 136 msec 92 msec 140 msec
R10#

R10#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.2 44 cc01.154c.0010 ARPA FastEthernet0/0
Internet 192.168.10.3 7 cc02.1714.0000 ARPA FastEthernet0/0
Internet 192.168.10.1 7 0000.5e00.010a ARPA FastEthernet0/0

converted by Web2PDFConvert.com

Internet 192.168.10.10 cc04.1714.0000 ARPA FastEthernet0/0

R10#

Note that the virtual MAC has not changed, because the operation is transparent to the clients.
Nothing changed for VLAN 20, traffic is still forwarded to R2:

R20#trace 10.10.10.1

Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 112 msec 76 msec 28 msec

2 192.168.12.1 72 msec 112 msec 64 msec
3 10.10.10.1 136 msec 44 msec 56 msec
R20#

MLS recovery:
Now MLS is back to live and because of the preempt feature it will claim its master status back, however, this is
done after a configured 60 seconds, this additional time is given to the downstream Layer 2 distribution swiches to
converge STP so the optimal layer 3 path is consistent with layer 2 STP path.
R2:

R2#
Mar 1 02:16:53.344: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Master ->
Backup
Mar 1 02:16:54.088: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3
(FastEthernet1/0.20) is up: new adjacency
Mar 1 02:16:56.044: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3
(FastEthernet1/0.10) is up: new adjacency
R2#

R2#sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr
Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1
Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1
R2#

And VLAN10 clients again consider MLS as the default gateway:

R10#trace 10.10.10.1

Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 *
192.168.10.3 36 msec 28 msec

converted by Web2PDFConvert.com

2 192.168.13.1 104 msec 60 msec 64 msec

3 10.10.10.1 120 msec 88 msec 64 msec
R10#

R2 upstream interface failure (tracked interface):

Lets shut down Fa0/0 ionterface on R2 and see what will be the reaction of VRRP:
R2:

R2(config-subif)#int fa 0/0
R2(config-if)#sh
R2(config-if)#
Mar 1 02:35:30.203: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1
(FastEthernet0/0) is down: interface down
Mar 1 02:35:32.043: %LINK-5-CHANGED: Interface FastEthernet0/0, changed
state to administratively down
Mar 1 02:35:33.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to down
R2(config-if)#
R2(config-if)#
R2(config-if)#
Mar 1 02:36:30.535: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Master ->
Backup
R2(config-if)#

R2(config-if)#do sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr
Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1
Fa1/0.20
20 100 3218 Y Backup 192.168.20.3 192.168.20.1
R2(config-if)#

Avenality of 100 is subtracted from the interface Fa1/0.20 VRRP group 20 and after 60 sec MLS VRRP group 20 take
over the master status and become the default gateway for VLAN20.
MLS:

MLS(config-if)#
*Mar 1 00:20:37.323: VRRP: Grp 20 Event Master down timer expired
*Mar 1 00:20:37.327: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Backup -> Master
MLS(config-if)#

MLS(config-if)#do sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1
Vl20 20 150 3414 Y Backup 192.168.20.2 192.168.20.1
MLS(config-if) #
converted by Web2PDFConvert.com

Now all VLAN20 traffic is forwarded to MLS:

R20#trace 10.10.10.1

Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.3 96 msec 48 msec 48 msec

2 192.168.13.1 120 msec 52 msec 132 msec
3 10.10.10.1 52 msec 60 msec 92 msec
R20#

R2 upstream interface recovery (tracked interface):

R2:

R2(config-if)#int fa0/0
R2(config-if)#no sh

Mar 1 03:25:50.167: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1

(FastEthernet0/0) is up: new adjacency
Mar 1 03:25:50.759: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state
to up
Mar 1 03:25:51.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
R2(config-if)#
Mar 1 03:26:48.795: VRRP: Grp 20 Event Master down timer expired
Mar 1 03:26:48.799: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Backup ->
Master

Now The tracked interface is UP so VRRP will call back the penality and R2 VRRP group 20 can claim back its
mater state with a higher priority (60 sec after):

R2(config-if)#do sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr
Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1
Fa1/0.20
20 200 3218 Y
Master 192.168.20.2 192.168.20.1
R2(config-if)#

R3:
MLS(config-if)#do sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1
Vl20
20 150 3414 Y Backup 192.168.20.2 192.168.20.1

converted by Web2PDFConvert.com

MLS(config-if)#

R20:

R20#trace 10.10.10.1

Type escape sequence to abort.

Tracing the route to 10.10.10.1

1 192.168.20.2 112 msec 60 msec 76 msec

2 192.168.12.1 76 msec 64 msec 72 msec
3 10.10.10.1 168 msec 184 msec 140 msec
R20#

For more global picture about differences between VRRP, HSRP and GLBP take a look at the post entitled Fir s t
H o p R e d und a nc y p r o to c o l c o m p a r is o n ( H SR P , V R R P , G LB P )
About these ads

Share this:

Like this:
Be the first to like this.
FILED UNDER IP SERVICES

TAGGED WITH VRRP

One Response to VRRP and Load Sharing

the end of the vintage wedding trend2 says:
June 2, 2013 at 2:20 pm

Some genuinely nice stuff on this internet site , I enjoy it.

Reply

Leave a Reply
Enter your comment here...

Blog at WordPress.com.

The Enterprise Theme.

converted by Web2PDFConvert.com

converted by Web2PDFConvert.com