VRRP (Virtual Router Redundancy Protocol)

(Srinivasan C) #13

Hi Rene,
I think above configuration can be applied to all SVI for supporting multiple Vlans .
Is it correct? Is there any limitation ?

Thanks,
Srini

0 Likes

(Rene Molenaar) #14

That’s right, you can enable this on routed interfaces or SVI interfaces.

0 Likes

(Masaharu K) #15

I want lessons about VRRP version3

0 Likes

(Rene Molenaar) #16

I will add this to my list.

0 Likes

(Ivaylo A) #17

Hi Rene!
Thank you for this lecture.
However I’m still having hard time understanding how load-balancing for different vlans has to be configured.
Let’s say we have Routers instead of Switches A and B in the lecture topology and computers are in different vlans. How do you provide routing between them and load balancing with stateful failover?!?

0 Likes

(Andrew P) #18

Hi Ivaylo,
The short answer to your question is that you will need a separate VRRP instance for each vlan that you want to have a highly available gateway.

I have attached a new topology to discuss this. In it, you will see that Computers A and B are in different VLANs (A and B). Switch A and Switch B are both connected to the access-layer Switch C. Note: These connections must be configured as trunks, let’s say the modern 802.1Q standard with both VLAN A and VLAN B allowed. Additionally, it would be a good idea to have Switch A and Switch B directly connected to each other (in the real world this is done with Etherchannel), and that connection must also be a trunk that allows all VLANs between them.

At this point, you are ready to configure Switch A and Switch B. Each will need an SVI (switched virtual interface) for both VLAN A and VLAN B. You would treat these SVIs just like regular interfaces–just think of them as the Switch’s presence in the VLAN in question. Here’s a sample of getting the config going for Switch A:

SwitchA(config)#interface vlan A
SwitchA(config-if)#ip address 192.168.1.252 255.255.255.0
SwitchA(config-if)#vrrp 1 ip 192.168.1.254
SwitchA(config-if)#vrrp 1 priority 105
SwitchA(config-if)#interface vlan B
SwitchA(config-if)#ip address 192.168.1.252 255.255.255.0
SwitchA(config-if)#vrrp 2 ip 192.168.2.254

Now Switch B:

SwitchB(config)#interface vlan A
SwitchB(config-if)#ip address 192.168.1.253 255.255.255.0
SwitchB(config-if)#vrrp 1 ip 192.168.1.254
SwitchB(config-if)#interface vlan B
SwitchB(config-if)#ip address 192.168.1.253 255.255.255.0
SwitchB(config-if)#vrrp 2 ip 192.168.2.254
SwitchB(config-if)#vrrp 2 priority 105

Notice above, that Switch B will have priority for being the virtual gateway of VLAN B, and likewise, Switch A has priority for VLAN A. This way, you can load balance which Switch will handle the traffic on a per-VLAN basis.

0 Likes

(Andrew P) #20

Dinh,
You might have to provide more details, but at first glance, this won’t work well. My suggestion would be, if you are using Cisco Routers or Switches, to use GLBP instead of VRRP since it has the ability to do what you are asking easily. If you insist on using VRRP, you will have a problem with DHCP. From your example, I assume you are trying to balance the gateways on the same subnet. In DHCP (at least the Windows version), although you can define multiple gateways, this won’t result in load-balancing. Instead, the additional gateways will only be used if the primary is unavailable.

Again, it sounds like Gateway Load-Balancing Protocol is what you should use. By the way, there is a lesson on GLBP here.

0 Likes

(aniket g) #21

Hi Rene,

I have confusion between interface tracking & object tracking.As you have mentioned VRRP only supports object tracking,does IP SLA mean object tracking?

0 Likes

(Shantel - Networklessons.com) split this topic #22

19 posts were merged into an existing topic: VRRP (Virtual Router Redundancy Protocol)

0 Likes

(Raghu K) #23

Could someone help me to give more details on why we need gratituous ARP in VRRP.What I read so far from various source is there will be a GARP sent immediately after backup router takes master role to update underlying switch MAC table which I felt it can be done with VRRP advertisement(source MAC as virtual MAC) instead of GARP.

0 Likes

(Rene Molenaar) #24

Hi Raghu,

It is a good question and to be honest, I can’t really find a good answer. Take a look at this Wireshark capture:

https://www.cloudshark.org/captures/f95de647e6aa

This capture shows how 192.168.1.2 (current master) is taken over by 192.168.1.1 (new master). Both the advertisement and the gratuitous ARP have the same source MAC address (0000.5e00.0101). A switch can update its MAC address table with the source MAC address in the advertisement, we don’t need the gratuitous ARP for that.

The only difference is that the gratuitous ARP is also sent as a broadcast, not just to a multicast destination. Still, I’m having a hard time thinking of a reason why we need anything next to the updated advertisement. The RFC also doesn’t explain why they use the gratuitous ARP. If anything comes to mind, I’ll update my answer here.

0 Likes

(Raghu K) #25

Thanks Rene.

I read somewhere in the Internet that Huawei routers use interface MAC as a source MAC for VRRP advertisement with period GARP with source MAC as virtual to update underlying switch table.

RFC talks something about GARP for token ring topology RIF table - I am not sure what was that and how GARP plays a vital role in token ring case though no one is using now a days.

RFC also says VRRP advertisement should use source MAC as virtual MAC

Regards

Raghu.K

0 Likes

(Chris N) #26

Hi Rene

Can you confirm that object tracking means IP SLA tracking?

Also, could you update the table to confirm that VRRP now supports 255 groups per interface?

Thanks

0 Likes

(Lazaros Agapides) #27

Hello Chris

Object tracking and IP SLA are not the same thing although the concepts are related. For example, an IP SLA can be configured to track objects. In order to understand this further, let’s take a look at HSRP, VRRP and objects.

As far as HSRP and VRRP go, object tracking is an independent process that manages creating, monitoring, and removing tracked objects such as the state of the line protocol of an interface. Clients such as the Hot Standby Router Protocol (HSRP) and VRRP register their interest with specific tracked objects and act when the state of an object changes.

IP SLA on the other hand uses active monitoring of objects by generating traffic to measure network performance. IP SLA operations collects real-time metrics that can be used for network troubleshooting, design, and analysis.

I hope this has been helpful!

Laz

0 Likes

(Kuoch K) #28

Hi Rene !
Is VRRP need to use IP SLA or interface tracking like HSRP ?

0 Likes

(Lazaros Agapides) #29

Hello Kuoch

Yes, VRRP is capable of tracking interfaces as well as using IP SLA to determine the currently active gateway. Both of these features are achieved using object tracking. Object tracking can be used to follow both the state of interfaces as well as the results of an IP SLA.

HSRP is capable of using object tracking for this purpose as well and is applied in much the same way.

The following two Cisco links show the method of applying object tracking to VRRP and HSRP respectively.

I hope this has been helpful!

Laz

0 Likes

(Oliver M) #30

Hi Rene,
in your VRRP section you mention 16 groups maximum for HSRP.
In your HSRP section https://networklessons.com/cisco/ccnp-switch/hsrp-hot-standby-routing-protocol/ you say 0 – 255 (HSRPv1) and 0 – 4095 (HSRPv2).
It seems that this is an individual number depending on the hardware model. Right ?
When researching further i found following:
3550 - 16 groups
3750 - 32 groups

On following document for 3850


it says:

You can configure up to 128 groups at the configuration level but the recommended HSRP group number limit is 64.

Routers seem to be capable of up to 255 (HSRPv1) and 4095 (HSRPv2).
So this doesn’t seem to be fixed value at least not for switches. It seems to be dependent on the platform.

Could you please confirm or correct me ?

Many thanks,
Oliver

0 Likes

(Lazaros Agapides) #31

Hello Oliver

How many groups can be configured depend on what limiting factor you are looking at. Strictly from a software point of view, the IOS is capable of supporting 256 groups for v1 and 4096 for v2. More precisely, the group ID numbers can be within these ranges. However, various platforms limit this number because of the hardware that is available to support it. Like you said, the 3550 supports 16 groups, the 3750 supports 32 groups and the 3850 can technically support 128 but it is recommended to limit it to 64.

I hope this has been helpful!

Laz

0 Likes

(Oliver M) #32

Hi,

thank you for confirming. It’s clear now.

Rgds,
Oliver

1 Like

(aniket g) #33

Hi Team,

Can you please explain Gratuitous ARP concept

0 Likes