VRRP/VRRPv3

Summary

VRRP is a protocol that provides redundancy across multiple routers in environments where dynamic routing is not available.

VRRP defines a virtual router that has a virtual IP address and a virtual MAC address. One of the routers running VRRP is the master and operates using the IP address / MAC address of the virtual router. The other routers operate as backups; if the master goes down, a backup immediately takes over the virtual IP address / MAC address, so the virtual router appears to continue to exist. By setting the virtual router as their default gateway, hosts can continue communicating via the backup even if the master goes down.

                  +-----+      +-----+
                  | MR1 |      | BR1 |
                  |     |      |     |
                  |     |      |     |
     VRID=1       +-----+      +-----+
     IP A ---------->*            *<--------- IP B
                     |            |
                     |            |
                     |            |
   ------------------+------------+-----+--------+--------+--------+--
                                        ^        ^        ^        ^
                                        |        |        |        |
                                      (IP A)   (IP A)   (IP A)   (IP A)
                                        |        |        |        |
                                     +--+--+  +--+--+  +--+--+  +--+--+
                                     |  H1 |  |  H2 |  |  H3 |  |  H4 |
                                     +-----+  +-----+  +--+--+  +--+--+

  • Two VRRP routers belong to the VRRP group with VRID=1, and the IP address of the virtual router is (IP A).
  • All hosts Hx set (IP A) as the default gateway.
  • Normally, the master router MR1 handles traffic from the host.
  • When MR1 shuts down, BR1 operates as a backup and continues communication.

Compatible Models & Firmware Revisions

Yamaha routers support VRRP / VRRPv3 on the following models and firmware.
Support depends on the firmware revision, as listed below.

Model VRRP VRRPv3
RTX5000 From the first Rev. Rev.14.00.18 or later
FWX120 Rev.11.03.23 or later
RTX810 Rev.11.01.29 or later

* Interoperation of VRRPv3 with other companies' products has not been confirmed.

Terms

  • VRRP router
    A router that supports and is running the VRRP protocol.
  • Virtual router
    A virtual router realized by the VRRP protocol. In an environment running VRRP, specify this virtual router as the default gateway.
  • Master router
    Among the multiple VRRP routers that together act as a virtual router, the one that actually forwards packets.
  • Backup router
    Among the multiple VRRP routers that together act as a virtual router, a router that takes over from the master router when the master goes down.
  • VRRP group
    Group of VRRP routers. One VRRP group has one virtual router.
  • VRID
    An identifier of the VRRP group, an integer from 1 to 255.
  • VRRP advertisement
    VRRP data that the master router sends to the LAN. By receiving it, the backup router recognizes that the master router is operating.
  • Shutdown
    The master router stops sending VRRP advertisements.

Details

VRRP group

VRRP identifies groups of VRRP routers by VRID. VRRP routers with the same VRID belong to the same group, and only one of them forwards packets as the master. When the master shuts down, another router immediately takes over as a backup.

Different VRIDs identify different VRRP groups. Multiple VRRP groups can exist on the same LAN, and they operate completely independently of each other. A single router can also belong to more than one VRRP group. For example, suppose there are two routers "a" and "b" and two VRRP groups "A" and "B", and both "a" and "b" belong to both "A" and "B". You can make "a" the master of "A" and "b" the master of "B". In this case, the default gateway of a PC can be set to the virtual router of either A or B. The two VRRP routers can then share the traffic load while acting as each other's backup.

                  +-----+      +-----+
                  | MR1 |      | MR2 |
                  |  &  |      |  &  |
                  | BR2 |      | BR1 |
     VRID=1       +-----+      +-----+         VRID=2
     IP A ---------->*            *<---------- IP B
                     |            |
                     |            |
                     |            |
   ------------------+------------+-----+--------+--------+--------+--
                                        ^        ^        ^        ^
                                        |        |        |        |
                                      (IP A)   (IP A)   (IP B)   (IP B)
                                        |        |        |        |
                                     +--+--+  +--+--+  +--+--+  +--+--+
                                     |  H1 |  |  H2 |  |  H3 |  |  H4 |
                                     +-----+  +-----+  +--+--+  +--+--+

  • The two VRRP routers belong to two VRRP groups with VRID=1 and VRID=2, and the IP addresses of the virtual routers are (IP A) and (IP B), respectively.
  • The hosts are divided into two groups. H1/H2 set (IP A) and H3/H4 set (IP B) as the default gateway.
  • Normally, MR1/MR2 process communication from the hosts and distribute the load.
  • When MR1 goes down, BR1 acts as a backup, and when MR2 goes down, BR2 acts as a backup.

Virtual router

Since the IP address of the virtual router can be set freely, the following two cases are conceivable.

  1. As the IP address of the virtual router, use the IP address of one of the VRRP routers belonging to the VRRP group.

    In this case, the VRRP router with the IP address of the virtual router must be the master and the other routers will be the backup.

  2. Use a completely different IP address as the IP address of the virtual router.

    In this case, the master router is automatically determined in advance according to the priority set in the VRRP router. Priority is an integer from 1 to 254, and the larger one takes precedence. Between VRRP routers with the same priority, the one with the larger IP address takes precedence.

The MAC address of the virtual router uses the unicast address determined for each VRRP group.

Shutdown of master router

The master router necessarily shuts down when it is disconnected from the LAN or loses power. It can also shut down actively and switch over to the backup router when communication on the line side is not possible for some reason.

Priority

Each VRRP router has a priority. A router with a higher priority becomes the master router, and the other routers become backup routers. Priority is set as a numerical value from 1 to 255; for smooth master/backup switching, it is a good idea to make the difference between priorities as large as possible.

Priorities can also be set to the same value. In that case, the VRRP router that takes precedence is determined by the IP address of the LAN interface of each VRRP router. However, because multiple routers then try to become the master router at the same time, the master router may be unstable while this is being resolved. Therefore, priorities should be set with as large a difference as possible.

Preempt mode

One of the operation modes of VRRP is preempt mode. The method of selecting the master router depends on whether preempt mode is in use.

In non-preempt mode, if a low-priority VRRP router is already the master router, the master router does not switch even when a higher-priority VRRP router joins later; the current master continues to operate as the master. In preempt mode, on the other hand, the master router switches whenever a higher-priority VRRP router is added.

Normally, the router operates in preempt mode. Non-preempt mode can be used when the master router goes down frequently.
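
The selection rules from the Virtual router, Priority and Preempt mode sections can be traced with a small model. This is an added example, not Yamaha code; the router names and addresses are constructed, and it assumes that the joining router's own preempt setting decides whether it takes over.

```python
import ipaddress
from dataclasses import dataclass

OWNER_PRIORITY = 255  # applied when the virtual IP is the router's own LAN address

@dataclass(frozen=True)
class VrrpRouter:
    name: str
    lan_ip: str
    priority: int = 100   # initial value of the priority parameter
    preempt: bool = True  # initial value of the preempt parameter (on)

def effective(router, virtual_ip):
    """Return (priority, preempt) after applying the address-owner rule."""
    if ipaddress.ip_address(router.lan_ip) == ipaddress.ip_address(virtual_ip):
        return OWNER_PRIORITY, True  # configured priority/preempt are ignored
    return router.priority, router.preempt

def elect(routers, virtual_ip):
    """Master when none exists yet (start-up, or after the master shut down).
    Highest priority wins; equal priorities are decided by the larger LAN IP."""
    return max(routers, key=lambda r: (effective(r, virtual_ip)[0],
                                       int(ipaddress.ip_address(r.lan_ip))))

def on_join(master, newcomer, virtual_ip):
    """Master after `newcomer` comes up while `master` is already active.
    Assumption: the newcomer's own preempt setting decides whether it takes over."""
    new_prio, preempt = effective(newcomer, virtual_ip)
    if preempt and new_prio > effective(master, virtual_ip)[0]:
        return newcomer
    return master

# Constructed sample: two routers sharing VRID 1 with a separate virtual IP.
VIP = "192.168.100.254"
RT_A = VrrpRouter("rt-a", "192.168.100.1", priority=200)
RT_B = VrrpRouter("rt-b", "192.168.100.2", priority=100)

if __name__ == "__main__":
    print("start-up master:", elect([RT_A, RT_B], VIP).name)
    print("after rt-a fails:", elect([RT_B], VIP).name)
    print("rt-a returns, preempt on:", on_join(RT_B, RT_A, VIP).name)
    quiet_a = VrrpRouter("rt-a", "192.168.100.1", priority=200, preempt=False)
    print("rt-a returns, preempt off:", on_join(RT_B, quiet_a, VIP).name)
```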

Dynamic routing

Do not run dynamic routing on a LAN interface where VRRP is configured. On the other hand, you can run dynamic routing on an interface that does not have VRRP configured and switch the master router in that state.

Cooperation between VRRP and NAT

On Yamaha routers, if the virtual IP address of VRRP and the outer address of NAT are the same, NAT works together with VRRP. (The router responds to ARP only while it is in the master state.) For static NAT as well, only the one entry whose outer address matches the virtual IP address of VRRP works with VRRP. Static NAT outer addresses that do not match the virtual IP address of VRRP cannot be linked to VRRP.

Command

Use VRRP

Set the VRRP for Each Interface

[Syntax]
ip interface vrrp vrid ip_address [priority=priority] [preempt=preempt] [auth=auth] [advertise-interval=time1] [down-interval=time2]
no ip interface vrrp vrid [vrid...]
[Setting and Initial value]
  • interface
    • [Setting] : LAN interface name
    • [Initial value] : -
  • vrid
    • [Setting] : VRRP group ID (1..255)
    • [Initial value] : -
  • ip_address
    • [Setting] : IP address of the virtual router
    • [Initial value] : -
  • priority
    • [Setting] : Priority (1..254)
    • [Initial value] : 100
  • preempt : Preempt mode
    • [Setting] :

      Setting   Description
      on        Use
      off       Not use
    • [Initial value] : on
  • auth
    • [Setting] : Text authentication text string (up to 8 characters)
    • [Initial value] : -
  • time1
    • [Setting] : VRRP advertisement interval (seconds)
    • [Initial value] : 1
  • time2
    • [Setting] : Time to determine that the master is down (seconds)
    • [Initial value] : 3
[Description]

Sets the router to use the specified VRRP group.
The VRID and the IP address of the virtual router must match among the routers belonging to the same VRRP group. If they do not match, the operation cannot be predicted.
If the auth parameter is not specified, the router operates with no authentication.

Set the interval at which the master sends the VRRP advertisements with the time1 parameter. Set the time for the backup router to monitor the advertisement and determine that the master is down with the time2 parameter. On a network with high traffic, the operation may stabilize if these values are set longer than the default values. These values must match among all the VRRP routers.

[Note]

The settings of the priority and preempt parameters are discarded if the IP address of the virtual router is set to the address allocated to the router's own LAN interface. In this case, the priority is set to the maximum value of 255, and the router operates in preempt mode at all times.
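
The matching requirements in the description above can be checked across routers before deployment. The following is an added example, not part of the Yamaha documentation: it parses lines written in the syntax shown above from constructed sample configurations, and the function names and finding texts are assumptions of this example. Values are compared as text.

```python
from collections import defaultdict

DEFAULTS = {"priority": "100", "preempt": "on", "auth": None,
            "advertise-interval": "1", "down-interval": "3"}  # initial values
MUST_MATCH = ("ip_address", "advertise-interval", "down-interval")

def parse_vrrp_lines(config_text):
    """Yield a dict per 'ip|ipv6 <interface> vrrp <vrid> <address> [key=value ...]' line."""
    for line in config_text.splitlines():
        tok = line.split()
        if (len(tok) < 5 or tok[0] not in ("ip", "ipv6")
                or tok[2] != "vrrp" or not tok[3].isdigit()):
            continue  # other commands, including 'vrrp shutdown trigger'
        entry = dict(DEFAULTS, family=tok[0], vrid=int(tok[3]), ip_address=tok[4])
        entry.update(opt.split("=", 1) for opt in tok[5:] if "=" in opt)
        yield entry

def audit(configs):
    """configs maps router name -> config text; returns a list of findings."""
    groups = defaultdict(dict)
    for router, text in configs.items():
        for entry in parse_vrrp_lines(text):
            groups[(entry["family"], entry["vrid"])][router] = entry
    findings = []
    for (family, vrid), members in sorted(groups.items()):
        tag = f"{family} VRID {vrid}"
        for key in MUST_MATCH:
            values = sorted({m[key] for m in members.values()})
            if len(values) > 1:
                findings.append(f"{tag}: {key} differs between members: {values}")
        for router, m in sorted(members.items()):
            if m["auth"] is None:
                findings.append(f"{tag}: {router} sets no auth (no authentication)")
        priorities = [m["priority"] for m in members.values()]
        if len(set(priorities)) < len(priorities):
            findings.append(f"{tag}: members share a priority; master may be unstable")
    return findings

# Constructed sample configurations for two routers on the same LAN.
SAMPLE = {
    "rt-a": "ip lan1 address 192.168.100.1/24\n"
            "ip lan1 vrrp 1 192.168.100.254 priority=200 auth=vrrpkey1\n"
            "ip lan1 vrrp shutdown trigger 1 pp 1\n",
    "rt-b": "ip lan1 address 192.168.100.2/24\n"
            "ip lan1 vrrp 1 192.168.100.253 advertise-interval=2 down-interval=6\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```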


Set the shutdown trigger for operating as a master router.

Set the Shutdown Trigger

[Syntax]
ip interface vrrp shutdown trigger vrid interface
ip interface vrrp shutdown trigger vrid pp peer_num
ip interface vrrp shutdown trigger vrid route network [nexthop]
no ip interface vrrp shutdown trigger vrid interface
no ip interface vrrp shutdown trigger vrid pp peer_num [...]
no ip interface vrrp shutdown trigger vrid route network
[Setting and Initial value]
  • interface
    • [Setting] : LAN interface name
    • [Initial value] : -
  • vrid
    • [Setting] : VRRP group ID (1..255)
    • [Initial value] : -
  • peer_num
    • [Setting] : Peer number
    • [Initial value] : -
  • network
    • [Setting] :
      • Network address
      • IP address/mask length
      • default
    • [Initial value] : -
  • nexthop
    • [Setting] :
      • Interface Name
      • IP address
    • [Initial value] : -
[Description]

Sets the router to shut down according to the specified conditions when operating as a master router in the specified VRRP group.

Type / Description
  • LAN interface type
    Shut down when the link of the specified LAN interface is deactivated, or after a down detection by lan keepalive.
  • pp type
    Shut down when communication is no longer possible on the line corresponding to the specified peer number. "Communication is no longer possible" refers to the case when layer 1 is deactivated such as when the cable is disconnected as well as the cases indicated below.
    • When the router detects that the peer is down through the pp keepalive use setting.
  • route type
    Shuts down if the specified route does not exist in the routing table or the route is not directed at the interface specified by nexthop or the gateways specified by an IP address. If nexthop is omitted, the router does not shut down as long as the route exists regardless of where it is directed.

Set the IP Address of the Local Security Gateway

[Syntax]
ipsec ike local address gateway_id ip_address
ipsec ike local address gateway_id vrrp interface vrid
ipsec ike local address gateway_id ipv6 prefix prefix on interface
ipsec ike local address gateway_id ipcp pp pp_num
no ipsec ike local address gateway_id [ip_address]
[Setting and Initial value]
  • gateway_id
    • [Setting] : Security Gateway ID
    • [Initial value] : -
  • ip_address
    • [Setting] : IP address of the local security gateway
    • [Initial value] : -
  • interface
    • [Setting] : LAN interface name
    • [Initial value] : -
  • vrid
    • [Setting] : VRRP group ID (1..255)
    • [Initial value] : -
  • prefix
    • [Setting] : Prefix
    • [Initial value] : -
  • pp_num
    • [Setting] : PP interface number
    • [Initial value] : -
[Description]

Sets the IP address of the local security gateway.

In the second syntax that specifies the vrrp keyword, the virtual IP address of the specified LAN interface/VRRP group ID is used as the local security gateway address only when the router is operating as a VRRP master.
Key exchange is not carried out if the router is not a VRRP master.

In the third syntax, which contains the ipv6 keyword, specify the IPv6 dynamic address.

In the fourth syntax, which contains the ipcp keyword, specify the PP interface to acquire the IPCP address from.

[Note]

If this command is not specified, IKE is started using an IP address of an interface close to the remote security gateway.


Use VRRPv3

Set VRRPv3 for Each Interface

[Syntax]
ipv6 interface vrrp vrid ipv6_address [priority=priority] [preempt=preempt] [auth=auth] [advertise-interval=time1] [down-interval=time2]
no ipv6 interface vrrp vrid [vrid...]
[Setting and Initial value]
  • interface
    • [Setting] : LAN interface name
    • [Initial value] : -
  • vrid
    • [Setting] : VRRPv3 Group ID (1..255)
    • [Initial value] : -
  • ipv6_address
    • [Setting] : IPv6 address of virtual router
    • [Initial value] : -
  • priority
    • [Setting] : Priority (1..254)
    • [Initial value] : 100
  • preempt : Preempt mode
    • [Setting] :

      Setting   Description
      on        Enable the VRRPv3
      off       Disable the VRRPv3
    • [Initial value] : on
  • auth
    • [Setting] : Text string for authentication (8 characters or less)
    • [Initial value] : -
  • time1
    • [Setting] : VRRPv3 advertisement interval (1..60 seconds)
    • [Initial value] : 1
  • time2
    • [Setting] : Time until the master is determined to be down (3..180 seconds)
    • [Initial value] : 3
[Description]

Sets whether to use the specified VRRPv3 group.
The VRID and the IPv6 address of the virtual router must match among the routers belonging to the same VRRPv3 group.
If the auth parameter is not set, authentication is not performed.

The interval at which the master sends VRRPv3 advertisements and the time until the master is determined to be down can be set with the time1 and time2 parameters. VRRPv3 operation may stabilize if these parameters are set longer than the initial values. These parameters must match among the routers belonging to the same VRRP group.

[Note]

When the router's own IPv6 address is set as the IPv6 address of the virtual router, the priority and preempt parameters are ignored. In this case, the priority is treated as 255 (top priority) and the router operates in preempt mode.


Set the shutdown trigger for operating as a master router.

Set the Shutdown trigger

[Syntax]
ipv6 interface vrrp shutdown trigger vrid interface
ipv6 interface vrrp shutdown trigger vrid pp peer_num
ipv6 interface vrrp shutdown trigger vrid route network [nexthop]
no ipv6 interface vrrp shutdown trigger vrid interface
no ipv6 interface vrrp shutdown trigger vrid pp peer_num [...]
no ipv6 interface vrrp shutdown trigger vrid route network
[Setting and Initial value]
  • interface
    • [Setting] : LAN interface name
    • [Initial value] : -
  • vrid
    • [Setting] : VRRPv3 Group ID (1..255)
    • [Initial value] : -
  • peer_num
    • [Setting] : Peer number
    • [Initial value] : -
  • network
    • [Setting] :
      • IPv6 prefix/prefix length
      • default
    • [Initial value] : -
  • nexthop
    • [Setting] :
      • Interface name
      • IPv6 address
    • [Initial value] : -
[Description]

Sets the router to shut down according to the specified conditions when operating as a master router in the specified VRRPv3 group.

Type / Description
  • LAN interface type
    Shut down when the link of the specified LAN interface is deactivated, or after a down detection by lan keepalive.
  • pp type
    Shut down when communication is no longer possible on the line corresponding to the specified peer number. "Communication is no longer possible" refers to the case when layer 1 is deactivated such as when the cable is disconnected as well as the cases indicated below.
    • When the router detects that the peer is down through the pp keepalive use setting.
  • route type
    Shuts down if the specified route does not exist in the routing table or the route is not directed at the interface specified by nexthop or the gateways specified by an IPv6 address. If nexthop is omitted, the router does not shut down as long as the route exists regardless of where it is directed.

Show VRRP Information

[Syntax]
show status vrrp [interface [vrid]]
[Setting and Initial value]
  • interface
    • [Setting] : LAN interface name
    • [Initial value] : -
  • vrid
    • [Setting] : VRRP group ID (1..255)
    • [Initial value] : -
[Description]

Shows VRRP information.
