Configuring VRRP with CLI

This section provides information to configure VRRP using the command line interface.

  1. VRRP Configuration Overview
  2. Basic VRRP Configurations
  3. Common Configuration Tasks
  4. Configuring IES/VPRN VRRP Parameters

VRRP Configuration Overview

Configuring VRRP policies and instances on service interfaces is optional. The basic owner and non-owner VRRP configurations on an IES or VPRN interface must specify the backup ip-address parameter.

VRRP helps eliminate the single point of failure in a routed environment by using virtual router IP address(es) shared between two or more routers connecting the common domain. VRRP provides dynamic failover of the forwarding responsibility to the backup router if the master becomes unavailable.

The VRRP implementation allows one master per IP subnet. All other VRRP instances in the same domain must be in backup mode.

Preconfiguration Requirements

VRRP policies:

  1. VRRP policies must be configured before they can be applied to an IES or VPRN VRRP instance. VRRP policies are configured in the config>vrrp context.

Configuring VRRP on an IES or VPRN service interface:

  1. the service customer account must be created prior to configuring an IES or VPRN VRRP instance
  2. the interface address must be specified in both the owner and non-owner IES or VPRN instances

Basic VRRP Configurations

Configure VRRP parameters in the following contexts:

  1. VRRP Policy
  2. VRRP IES or VPRN Service Parameters

VRRP Policy

Configuring and applying VRRP policies is optional. There are no default VRRP policies. Each policy must be explicitly defined. A VRRP configuration must include the following:

  1. Policy ID
  2. at least one of the following priority events:
    1. Port down
    2. Host unreachable
    3. Route unknown

The following example displays a configuration of a VRRP policy.

config>vrrp>policy# info 
---------------------------------------------- 
delta-in-use-limit 50 
priority-event 
port-down 4/1/2 
hold-set 43200 
priority 100 delta 
exit 
port-down 4/1/3 
priority 200 explicit 
exit 
host-unreachable 10.10.24.4 
drop-count 25 
exit 
route-unknown 10.10.0.0/32 
priority 50 delta 
protocol bgp 
exit
exit 
----------------------------------------------

Deleting a VRRP Policy

Policies are only applied to non-owner VRRP instances. A VRRP policy cannot be deleted if it is applied to an IES or VPRN service. Each instance in which the policy is applied must be deleted. The following example displays a policy deletion.

config>vrrp
config>vrrp# no policy 1

The Applied column in the following example displays whether or not the VRRP policies are applied to an entity.

#show>vrrp# policy
======================================================
VRRP Policies
======================================================
Policy    Current             Current      Current      Delta Applied Svc
Id        Priority & Effect   Explicit     Delta Sum    Limit         Context
-------------------------------------------------------------------------------
1         70   Delta          None         70           1     Yes     None
100       None                None         None         1     No      None
255       None                None         None         1     No      None

VRRP IES or VPRN Service Parameters

VRRP parameters are configured within an IES service with two contexts, owner or non-owner. The status is specified when the VRRP configuration is created. When configured as owner, the virtual router instance has the same real IP addresses as the virtual backup IP addresses. All other virtual router instances participating in this message domain must have the same VRID configured and cannot be configured as owner.

Note:

VRRP service parameter configuration is the same for VPRN.

For IPv4, up to two VRIDs can be configured on an IES service interface. Each virtual router instance can manage up to eight backup IP addresses.

VRRP parameters configured within an IES service must include the following:

  1. vrid
  2. virtual backup IP address(es)

The following example displays a configuration of IES service owner and non-owner VRRP configurations.

config>service>ies# info
----------------------------------------------
interface "tuesday" create
   address 10.10.36.2/24
   sap 7/1/1:100 create
   vrrp 19 owner
      backup 10.10.36.2
      authentication-key "testabc"
   exit
exit
interface "testing" create
   address 10.10.10.16/24
   sap 1/1/55:0 create
   vrrp 12
      backup 10.10.10.15
      policy 1
      authentication-key "testabc"
   exit
exit
   no shutdown
----------------------------------------------
config>service>ies#

Common Configuration Tasks

This section provides a brief overview of the tasks that must be performed to configure VRRP and list the CLI commands.

VRRP parameters are defined under a service interface context. An IP address must be assigned to each IP interface. Only one primary IP address can be associated with an IP interface but several secondary IP addresses can be associated.

Owner and non-owner configurations must include the following parameters:

  1. all participating routers in a VRRP instance must be configured with the same VRID
  2. all participating non-owner routers can specify up to eight backup IP addresses (IP addresses the master is representing). The owner configuration must include at least one backup IP address.

Other owner and non-owner configurations include the following optional commands:

  1. authentication-key
  2. MAC
  3. message-interval

In addition to the common parameters, the following non-owner commands can be configured:

  1. master-int-inherit
  2. priority
  3. policy
  4. ping-reply
  5. preempt
  6. telnet-reply
  7. ssh-reply
  8. [no] shutdown

Configuring IES/VPRN VRRP Parameters

VRRP parameters can be configured on an interface in a service to provide virtual default router support that allows traffic to be routed without relying on a single router in case of failure. VRRP can be configured in the following ways:

  1. Configuring VRRP on Subnets
  2. Non-owner VRRP
  3. Owner VRRP
  4. Deleting VRRP on a Service

Configuring VRRP on Subnets

If you have multiple subnets configured on an IES or VPRN interface, you can configure VRRP on each subnet.

The following displays an IES interface configuration example:

config>service>ies# info 
#------------------------------------------ 
interface "test-A" create
 address 123.123.123.123/24
 exit
 interface "testB" create
 address 123.123.123.123/24
 exit
 interface "testB"
 address 10.10.14.1/24
 secondary 10.10.16.1/24
 secondary 10.10.17.1/24
 secondary 10.10.18.1/24
 exit
 no shutdown

Non-owner VRRP

The following displays a basic non-owner VRRP configuration example:

config>service>ies# info
#----------------------------------------------
interface "test2" create
address 10.10.10.16/24
sap 1/1/55:0 create
vrrp 12
backup 10.10.10.15
policy 1
authentication-key “testabc”
exit
exit
no shutdown
#----------------------------------------------
config>service>ies#

If a VRRP instance is created as non-owner, it cannot be changed to the owner state. The VRID must be deleted and then recreated with the owner keyword to invoke IP address ownership.

Owner VRRP

The following displays an owner VRRP configuration example:

config>service>ies# info 
#----------------------------------------------
interface “test2” create
address 10.10.10.23/24
vrrp 1 owner
backup 10.10.10.23
authentication-key “testabc”
exit
exit
#----------------------------------------------
config>service>ies#
 

If a VRRP instance is created as owner, it cannot be changed to the non-owner state. The VRID must be deleted and then recreated without the owner keyword to remove IP address ownership.

Deleting VRRP on a Service

The VRID does not need to be shut down to remove the virtual router instance from a service.

The following example displays the command usage to delete a VRRP instance in non-owner mode from an IES service:

Example:
config>service# ies 10
config>service>ies# interface test
config>service>ies>if# no vrrp 1
config>service>ies>if# exit all