Virtual Router Redundancy - VRR and VRRP
Cumulus Linux provides the option of using VRR or VRRP.
-
VRR enables hosts to communicate with any redundant switch without reconfiguration by running dynamic router protocols or router redundancy protocols. Redundant switches respond to ARP requests from hosts. The switches respond in an identical manner, but if one fails, the other redundant switches continue to respond. You use VRR with MLAG.
Use VRR when you connect multiple devices to a single logical connection, such as an MLAG bond. A device that connects to an MLAG bond believes there is a single device on the other end of the bond and only forwards one copy of the transit frames. If the destination of this frame is the virtual MAC address and you are running VRRP, the frame can go to the link connected to the VRRP standby device, which does not forward the frame to the right destination. With the virtual MAC active on both MLAG devices, either MLAG device handles the frame it receives.
-
VRRP allows two or more network devices in an active or standby configuration to share a single virtual default gateway. The physical VRRP switch that forwards packets at any given time is the master. If this VRRP switch fails, another VRRP standby switch automatically takes over as master. You use VRRP without MLAG.
Use VRRP when you have multiple distinct devices that connect to a layer 2 segment through multiple logical connections (not through a single bond). VRRP elects a single active forwarder that owns the virtual MAC address while it is active. This prevents the forwarding database of the layer 2 domain from continuously updating in response to MAC flaps because the switch receives frames sourced from the virtual MAC address from discrete logical connections.
You cannot configure both VRR and VRRP on the same switch.
VRR
The diagram below illustrates a basic VRR-enabled network configuration.
The network includes three servers and two Cumulus Linux switches. The switches use MLAG.
- As the bridges in each of the redundant switches connect, they each receive and reply to ARP requests for the virtual router IP address.
- Each ARP request by a server receives replies from each switch; these replies are identical, and the server receiving the replies either ignores replies after the first, or accepts them and overwrites the previous identical reply.
- VRR uses the default fabric-wide MAC address 00:00:5E:00:01:01. If necessary, you can change the VRR MAC address.
Configure the Switches
The switches implement the layer 2 network interconnecting the servers and the redundant switches. To configure the switches, add a bridge with the following interfaces to each switch:
- One bond interface or switch port interface to each server. For networks using MLAG, use bond interfaces. Otherwise, use switch port interfaces.
- One or more interfaces to each peer switch. To accommodate higher bandwidth between the switches and to offer link redundancy, multiple inter-peer links are typically bonded interfaces. The VLAN interface must have a unique IP address for both the physical and virtual interface; the switch uses the unique address when it initiates an ARP request.
Cumulus Linux only supports VRR on an SVI. You cannot configure VRR on a physical interface or virtual subinterface.
The example commands below create a VLAN-aware bridge interface for a VRR-enabled network. The example assumes you have already configured a VLAN-aware bridge with VLAN 10 and that VLAN 10 has an IP address and uses the default fabric-wide VRR MAC address 00:00:5e:00:01:01.
cumulus@switch:~$ nv set interface vlan10 ip vrr address 10.1.10.1/24
cumulus@switch:~$ nv set interface vlan10 ip vrr state up
cumulus@switch:~$ nv config apply
Use the same commands for IPV6 addresses; for example:
cumulus@switch:~$ nv set interface vlan10 ip vrr address 2001:db8::1/32
cumulus@switch:~$ nv set interface vlan10 ip vrr state up
Edit the /etc/network/interfaces
file, then run the ifreload -a
command.
cumulus@switch:~$ sudo nano /etc/network/interfaces
...
auto vlan10
iface vlan10
address 10.1.10.2/24
address-virtual 00:00:5e:00:01:01 10.1.10.1/24
vlan-raw-device br_default
vlan-id 10
...
cumulus@switch:~$ sudo ifreload -a
Change the VRR MAC Address
Cumulus Linux sets a fabric-wide MAC address to ensure consistency across VRR switches, which is especially useful in an EVPN multi-fabric environment. If you prefer, you can change the VRR MAC address globally with one NVUE command. You can also override the global setting for a specific VLAN.
To set the VRR MAC address globally with one NVUE command, either:
- Set the fabric-wide VRR MAC address to a value in the reserved range between 00:00:5E:00:01:00 and 00:00:5E:00:01:FF. Be sure to use an address in this reserved range to prevent MAC address conflicts with other interfaces in the same bridged network.
- Set a fabric ID, from which Cumulus Linux derives the MAC address. You can specify a number between 1 and 255. Cumulus Linux adds the number to the MAC address 00:00:5E:00:01:00 in hex. For example, if you specify 255, the VRR MAC address is 00:00:5E:00:01:FF.
The default VRR MAC address is 00:00:5E:00:01:01, which the switch derives from a fabric ID setting of 1.
To change a VRR MAC address globally on the switch, run the nv set system global fabric-mac <mac-address>
command:
cumulus@switch:mgmt:~$ nv set system global fabric-mac 00:00:5E:00:01:FF
cumulus@switch:mgmt:~$ nv config apply
To set a fabric ID, run the nv set system global fabric-id <number>
command:
cumulus@switch:mgmt:~$ nv set system global fabric-id 255
cumulus@switch:mgmt:~$ nv config apply
To override the global setting for a specific VLAN, run the nv set interface <vlan> ip vrr mac-address <mac-address>
command:
cumulus@switch:mgmt:~$ nv set interface vlan10 ip vrr mac-address 00:00:5E:00:01:00
cumulus@switch:mgmt:~$ nv config apply
To change the VRR MAC address manually, edit the /etc/network/interfaces
file and update the MAC address in the address-virtual
line for each VLAN. Cumulus Linux does not provide a fabric ID option in the /etc/network/interfaces
file.
The following example shows vlan10, vlan20, and vlan30:
cumulus@switch:mgmt:~$ sudo nano /etc/network/interfaces
...
auto vlan10
iface vlan10
address 10.1.10.5/24
address-virtual 00:00:5E:00:01:FF 10.1.10.1/24
hwaddress 44:38:39:22:01:c1
vrf RED
vlan-raw-device br_default
vlan-id 10
auto vlan20
iface vlan20
address 10.1.20.5/24
address-virtual 00:00:5E:00:01:FF 10.1.20.1/24
hwaddress 44:38:39:22:01:c1
vrf RED
vlan-raw-device br_default
vlan-id 20
auto vlan30
iface vlan30
address 10.1.30.5/24
address-virtual 00:00:5E:00:01:FF 10.1.30.1/24
hwaddress 44:38:39:22:01:c1
vrf BLUE
vlan-raw-device br_default
vlan-id 30
...
Make sure to set the same VRR MAC address on both MLAG peers.
EVPN Routing with VRR
In an EVPN routing environment, if you want to configure multiple subnets as VRR addresses on a VLAN, you must configure them with the same VRR MAC address.
The following example commands configure both 10.1.10.1/24 and 10.1.11.1/24 on VLAN 10 using the default fabric-wide VRR MAC address 00:00:5e:00:01:01.
cumulus@switch:mgmt:~$ nv set interface vlan10 ip vrr address 10.1.10.1/24
cumulus@switch:mgmt:~$ nv set interface vlan10 ip vrr address 10.1.11.1/24
cumulus@switch:mgmt:~$ nv config apply
Edit the /etc/network/interfaces
file; for example:
cumulus@switch:mgmt:~$ sudo nano /etc/network/interfaces
auto vlan10
iface vlan10
address 10.1.10.2/24
address 10.1.11.2/24
address-virtual 00:00:5e:00:01:01 10.1.10.1/24 10.1.11.1/24
hwaddress 44:38:39:22:01:7a
vlan-raw-device br_default
vlan-id 10
...
To reduce BGP EVPN processing during convergence, NVIDIA recommends that you use the same fabric-wide MAC address across all VLANs and VRR subnets.
Configure the Servers
Each server must have two network interfaces. The switches configure the interfaces as bonds running LACP; the servers must also configure the two interfaces using teaming, port aggregation, port group, or EtherChannel running LACP. Configure the servers either statically or with DHCP, with a gateway address that is the IP address of the virtual router; this default gateway address never changes.
Configure the links between the servers and the switches in active-active mode for FHRP.
Troubleshooting
To verify the configuration on the switch, run the net show interface
command:
cumulus@leaf01:mgmt:~$ net show interface
State Name Spd MTU Mode LLDP Summary
----- ------------- --- ----- ------------ ----------------------- -----------------------
UP lo N/A 65536 Loopback IP: 127.0.0.1/8
lo IP: 10.10.10.1/32
lo IP: ::1/128
UP eth0 1G 1500 Mgmt oob-mgmt-switch (swp10) Master: mgmt(UP)
eth0 IP: 192.168.200.11/24
UP swp1 1G 9216 BondMember Master: bond1(UP)
UP swp2 1G 9216 BondMember Master: bond2(UP)
UP swp49 1G 9216 BondMember Master: peerlink(UP)
UP swp50 1G 9216 BondMember Master: peerlink(UP)
UP swp51 1G 9216 Default
UP bond1 1G 9216 802.3ad Master: br_default(UP)
bond1 Bond Members: swp1(UP)
UP bond2 1G 9216 802.3ad Master: br_default(UP)
bond2 Bond Members: swp2(UP)
UP br_default N/A 9216 Bridge/L2
UP mgmt N/A 65536 VRF IP: 127.0.0.1/8
mgmt IP: ::1/128
UP peerlink 2G 9216 802.3ad Master: br_default(UP)
peerlink Bond Members: swp49(UP)
peerlink Bond Members: swp50(UP)
UP peerlink.4094 2G 9216 Default
UP vlan10 N/A 9216 Interface/L3 IP: 10.1.10.2/24
UP vlan10-v0 N/A 9216 Interface/L3 IP: 10.1.10.1/24
...
Configuration Example
The following example creates an MLAG configuration that incorporates VRR.
cumulus@leaf01:mgmt:~$ nv set interface lo ip address 10.10.10.1/32
cumulus@leaf01:mgmt:~$ nv set interface swp1-3,swp49-51
cumulus@leaf01:mgmt:~$ nv set interface bond1 bond member swp1
cumulus@leaf01:mgmt:~$ nv set interface bond2 bond member swp2
cumulus@leaf01:mgmt:~$ nv set interface bond3 bond member swp3
cumulus@leaf01:mgmt:~$ nv set interface bond1 bond mlag id 1
cumulus@leaf01:mgmt:~$ nv set interface bond2 bond mlag id 2
cumulus@leaf01:mgmt:~$ nv set interface bond3 bond mlag id 3
cumulus@leaf01:mgmt:~$ nv set interface bond1-3 bridge domain br_default
cumulus@leaf01:mgmt:~$ nv set interface peerlink bond member swp49-50
cumulus@leaf01:mgmt:~$ nv set mlag mac-address 44:38:39:BE:EF:AA
cumulus@leaf01:mgmt:~$ nv set mlag backup 10.10.10.2
cumulus@leaf01:mgmt:~$ nv set mlag peer-ip linklocal
cumulus@leaf01:mgmt:~$ nv set bridge domain br_default vlan 10,20,30
cumulus@leaf01:mgmt:~$ nv set interface vlan10 ip address 10.1.10.2/24
cumulus@leaf01:mgmt:~$ nv set interface vlan10 ip vrr address 10.1.10.1/24
cumulus@leaf01:mgmt:~$ nv set interface vlan10 ip vrr state up
cumulus@leaf01:mgmt:~$ nv set interface vlan20 ip address 10.1.20.2/24
cumulus@leaf01:mgmt:~$ nv set interface vlan20 ip vrr address 10.1.20.1/24
cumulus@leaf01:mgmt:~$ nv set interface vlan20 ip vrr state up
cumulus@leaf01:mgmt:~$ nv set interface vlan30 ip address 10.1.30.2/24
cumulus@leaf01:mgmt:~$ nv set interface vlan30 ip vrr address 10.1.30.1/24
cumulus@leaf01:mgmt:~$ nv set interface vlan30 ip vrr state up
cumulus@leaf01:mgmt:~$ nv config apply
cumulus@leaf02:mgmt:~$ nv set interface lo ip address 10.10.10.2/32
cumulus@leaf02:mgmt:~$ nv set interface swp1-3,swp49-51
cumulus@leaf02:mgmt:~$ nv set interface bond1 bond member swp1
cumulus@leaf02:mgmt:~$ nv set interface bond2 bond member swp2
cumulus@leaf02:mgmt:~$ nv set interface bond3 bond member swp3
cumulus@leaf02:mgmt:~$ nv set interface bond1 bond mlag id 1
cumulus@leaf02:mgmt:~$ nv set interface bond2 bond mlag id 2
cumulus@leaf02:mgmt:~$ nv set interface bond3 bond mlag id 3
cumulus@leaf02:mgmt:~$ nv set interface bond1-3 bridge domain br_default
cumulus@leaf02:mgmt:~$ nv set interface peerlink bond member swp49-50
cumulus@leaf02:mgmt:~$ nv set mlag mac-address 44:38:39:BE:EF:AA
cumulus@leaf02:mgmt:~$ nv set mlag backup 10.10.10.1
cumulus@leaf02:mgmt:~$ nv set mlag peer-ip linklocal
cumulus@leaf02:mgmt:~$ nv set bridge domain br_default vlan 10,20,30
cumulus@leaf02:mgmt:~$ nv set interface vlan10 ip address 10.1.10.3/24
cumulus@leaf02:mgmt:~$ nv set interface vlan10 ip vrr address 10.1.10.1/24
cumulus@leaf02:mgmt:~$ nv set interface vlan10 ip vrr state up
cumulus@leaf02:mgmt:~$ nv set interface vlan20 ip address 10.1.20.3/24
cumulus@leaf02:mgmt:~$ nv set interface vlan20 ip vrr address 10.1.20.1/24
cumulus@leaf02:mgmt:~$ nv set interface vlan20 ip vrr state up
cumulus@leaf02:mgmt:~$ nv set interface vlan30 ip address 10.1.30.2/24
cumulus@leaf02:mgmt:~$ nv set interface vlan30 ip vrr address 10.1.30.1/24
cumulus@leaf02:mgmt:~$ nv set interface vlan30 ip vrr state up
cumulus@leaf02:mgmt:~$ nv config apply
cumulus@leaf01:mgmt:~$ sudo cat /etc/nvue.d/startup.yaml
- set:
bridge:
domain:
br_default:
vlan:
'10': {}
'20': {}
'30': {}
interface:
bond1:
bond:
member:
swp1: {}
mlag:
enable: on
id: 1
bridge:
domain:
br_default: {}
type: bond
bond2:
bond:
member:
swp2: {}
mlag:
enable: on
id: 2
bridge:
domain:
br_default: {}
type: bond
bond3:
bond:
member:
swp3: {}
mlag:
enable: on
id: 3
bridge:
domain:
br_default: {}
type: bond
lo:
ip:
address:
10.10.10.1/32: {}
type: loopback
peerlink:
bond:
member:
swp49: {}
swp50: {}
type: peerlink
peerlink.4094:
base-interface: peerlink
type: sub
vlan: 4094
swp1:
type: swp
swp2:
type: swp
swp3:
type: swp
swp49:
type: swp
swp50:
type: swp
swp51:
type: swp
vlan10:
ip:
address:
10.1.10.2/24: {}
vrr:
address:
10.1.10.1/24: {}
enable: on
state:
up: {}
type: svi
vlan: 10
vlan20:
ip:
address:
10.1.20.2/24: {}
vrr:
address:
10.1.20.1/24: {}
enable: on
state:
up: {}
type: svi
vlan: 20
vlan30:
ip:
address:
10.1.30.2/24: {}
vrr:
address:
10.1.30.1/24: {}
enable: on
state:
up: {}
type: svi
vlan: 30
mlag:
backup:
10.10.10.2: {}
enable: on
init-delay: 100
peer-ip: linklocal
router:
vrr:
enable: on
system:
hostname: leaf01
cumulus@leaf02:mgmt:~$ sudo cat /etc/nvue.d/startup.yaml
- set:
bridge:
domain:
br_default:
vlan:
'10': {}
'20': {}
'30': {}
interface:
bond1:
bond:
member:
swp1: {}
mlag:
enable: on
id: 1
bridge:
domain:
br_default: {}
type: bond
bond2:
bond:
member:
swp2: {}
mlag:
enable: on
id: 2
bridge:
domain:
br_default: {}
type: bond
bond3:
bond:
member:
swp3: {}
mlag:
enable: on
id: 3
bridge:
domain:
br_default: {}
type: bond
lo:
ip:
address:
10.10.10.2/32: {}
type: loopback
peerlink:
bond:
member:
swp49: {}
swp50: {}
type: peerlink
peerlink.4094:
base-interface: peerlink
type: sub
vlan: 4094
swp1:
type: swp
swp2:
type: swp
swp3:
type: swp
swp49:
type: swp
swp50:
type: swp
swp51:
type: swp
vlan10:
ip:
address:
10.1.10.3/24: {}
vrr:
address:
10.1.10.1/24: {}
enable: on
state:
up: {}
type: svi
vlan: 10
vlan20:
ip:
address:
10.1.20.3/24: {}
vrr:
address:
10.1.20.1/24: {}
enable: on
state:
up: {}
type: svi
vlan: 20
vlan30:
ip:
address:
10.1.30.3/24: {}
vrr:
address:
10.1.30.1/24: {}
enable: on
state:
up: {}
type: svi
vlan: 30
mlag:
backup:
10.10.10.1: {}
enable: on
init-delay: 100
peer-ip: linklocal
router:
vrr:
enable: on
system:
hostname: leaf02
cumulus@leaf01:mgmt:~$ sudo cat /etc/network/interfaces
...
auto lo
iface lo inet loopback
auto mgmt
iface mgmt
address 127.0.0.1/8
address ::1/128
vrf-table auto
auto eth0
iface eth0 inet dhcp
ip-forward off
ip6-forward off
vrf mgmt
auto bond1
iface bond1
bond-slaves swp1
bond-mode 802.3ad
bond-lacp-bypass-allow no
clag-id 1
auto bond2
iface bond2
bond-slaves swp2
bond-mode 802.3ad
bond-lacp-bypass-allow no
clag-id 2
auto bond3
iface bond3
bond-slaves swp3
bond-mode 802.3ad
bond-lacp-bypass-allow no
clag-id 3
auto peerlink
iface peerlink
bond-slaves swp49 swp50
bond-mode 802.3ad
bond-lacp-bypass-allow no
auto peerlink.4094
iface peerlink.4094
clagd-peer-ip linklocal
clagd-backup-ip 10.10.10.2
clagd-sys-mac 44:38:39:BE:EF:AA
clagd-args --initDelay 100
auto swp1
iface swp1
auto swp2
iface swp2
auto swp3
iface swp3
auto swp49
iface swp49
auto swp50
iface swp50
auto swp51
iface swp51
auto vlan10
iface vlan10
address 10.1.10.2/24
address-virtual 00:00:5e:00:01:00 10.1.10.1/24
hwaddress 44:38:39:22:01:b1
vlan-raw-device br_default
vlan-id 10
auto vlan20
iface vlan20
address 10.1.20.2/24
address-virtual 00:00:5e:00:01:00 10.1.20.1/24
hwaddress 44:38:39:22:01:b1
vlan-raw-device br_default
vlan-id 20
auto vlan30
iface vlan30
address 10.1.30.2/24
address-virtual 00:00:5e:00:01:00 10.1.30.1/24
hwaddress 44:38:39:22:01:b1
vlan-raw-device br_default
vlan-id 30
auto br_default
iface br_default
bridge-ports bond1 bond2 bond3 peerlink
hwaddress 44:38:39:22:01:b1
bridge-vlan-aware yes
bridge-vids 10 20 30
bridge-pvid 1
cumulus@leaf02:mgmt:~$ sudo cat /etc/network/interfaces
...
auto lo
iface lo inet loopback
address 10.10.10.2/32
auto mgmt
iface mgmt
address 127.0.0.1/8
address ::1/128
vrf-table auto
auto eth0
iface eth0 inet dhcp
ip-forward off
ip6-forward off
vrf mgmt
auto bond1
iface bond1
bond-slaves swp1
bond-mode 802.3ad
bond-lacp-bypass-allow no
clag-id 1
auto bond2
iface bond2
bond-slaves swp2
bond-mode 802.3ad
bond-lacp-bypass-allow no
clag-id 2
auto bond3
iface bond3
bond-slaves swp3
bond-mode 802.3ad
bond-lacp-bypass-allow no
clag-id 3
auto peerlink
iface peerlink
bond-slaves swp49 swp50
bond-mode 802.3ad
bond-lacp-bypass-allow no
auto peerlink.4094
iface peerlink.4094
clagd-peer-ip linklocal
clagd-backup-ip 10.10.10.1
clagd-sys-mac 44:38:39:BE:EF:AA
clagd-args --initDelay 100
auto swp1
iface swp1
auto swp2
iface swp2
auto swp3
iface swp3
auto swp49
iface swp49
auto swp50
iface swp50
auto swp51
iface swp51
auto vlan10
iface vlan10
address 10.1.10.3/24
address-virtual 00:00:5e:00:01:00 10.1.10.1/24
hwaddress 44:38:39:22:01:af
vlan-raw-device br_default
vlan-id 10
auto vlan20
iface vlan20
address 10.1.20.3/24
address-virtual 00:00:5e:00:01:00 10.1.20.1/24
hwaddress 44:38:39:22:01:af
vlan-raw-device br_default
vlan-id 20
uto vlan30
iface vlan30
address 10.1.30.2/24
address-virtual 00:00:5e:00:01:00 10.1.30.1/24
hwaddress 44:38:39:22:01:af
vlan-raw-device br_default
vlan-id 30
auto br_default
iface br_default
bridge-ports bond1 bond2 bond3 peerlink
hwaddress 44:38:39:22:01:af
bridge-vlan-aware yes
bridge-vids 10 20 30
bridge-pvid 1
cumulus@server01:mgmt:~$ sudo cat /etc/network/interfaces
...
auto eth0
iface eth0 inet dhcp
post-up sysctl -w net.ipv6.conf.eth0.accept_ra=2
auto eth1
iface eth1
auto eth2
iface eth2
auto bond1
iface bond1
bond-miimon 100
bond-mode 802.3ad
bond-min-links 1
bond-slaves eth1 eth2
post-up ip route add 10.0.0.0/8 via 10.1.20.1
auto bond1.10
iface bond1.10
address 10.1.10.101/24
auto bond1.20
iface bond1.20
address 10.1.20.101/24
auto bond1.30
iface bond1.30
address 10.1.30.101/24
cumulus@server02:mgmt:~$ sudo cat /etc/network/interfaces
...
auto eth0
iface eth0 inet dhcp
post-up sysctl -w net.ipv6.conf.eth0.accept_ra=2
auto eth1
iface eth1
auto eth2
iface eth2
auto bond1
iface bond1
bond-miimon 100
bond-mode 802.3ad
bond-min-links 1
bond-slaves eth1 eth2
post-up ip route add 10.0.0.0/8 via 10.1.20.1
auto bond1.10
iface bond1.10
address 10.1.10.102/24
auto bond1.20
iface bond1.20
address 10.1.20.102/24
auto bond1.30
iface bond1.30
address 10.1.30.102/24
This demo is pre-configured using NVUE commands.
To validate the configuration, run the nv show interface <vlan> ip vrr
command:
cumulus@leaf02:mgmt:~$ nv show interface vlan10 ip vrr
operational applied description
----------- ----------------- ----------------- ------------------------------------------------------
enable on Turn the feature 'on' or 'off'. The default is 'off'.
mac-address 00:00:5e:00:01:00 00:00:5e:00:01:00 Override anycast-mac
mac-id none Override anycast-id
[address] 10.1.10.1/24 10.1.10.1/24 Virtual addresses with prefixes
state up up The state of the interface
VRRP
VRRP allows two or more network devices in an active standby configuration to share a single virtual default gateway. The VRRP router that forwards packets at any given time is the master. If this VRRP router fails, another VRRP standby router automatically takes over as master. The master sends VRRP advertisements to other VRRP routers in the same virtual router group, which include the priority and state of the master. VRRP router priority determines the role that each virtual router plays and who becomes the new master if the master fails.
All virtual routers use 00:00:5E:00:01:XX for IPv4 gateways or 00:00:5E:00:02:XX for IPv6 gateways as their MAC address. The last byte of the address is the Virtual Router IDentifier (VRID), which is different for each virtual router in the network. Only one physical router uses this MAC address at a time. The router replies with this address when it receives ARP requests or neighbor solicitation packets for the IP addresses of the virtual router.
- Cumulus Linux supports both VRRPv2 and VRRPv3. The default protocol version is VRRPv3.
- You can configure a maximum of 255 virtual routers on a switch.
- You cannot use VRRP with MLAG.
- To configure VRRP on an SVI or traditional mode bridge, you need to edit the
etc/network/interfaces
and/etc/frr/frr.conf
files. - You can use VRRP with layer 3 interfaces and subinterfaces that are part of a VRF.
- You cannot use VRRP in an EVPN configuration; use MLAG and VRR instead.
RFC 5798 describes VRRP in detail.
The following example illustrates a basic VRRP configuration.
Configure VRRP
To configure VRRP, specify the following information on each switch:
- A virtual router ID (VRID) that identifies the group of VRRP routers. You must specify the same ID across all virtual routers in the group.
- One or more virtual IP addresses for the virtual router group. These IP addresses do not directly connect to a specific interface. The switch redirects inbound packets to a virtual IP address to a physical network interface.
You can also set these optional parameters:
Optional Parameter | Default Value | Description |
---|---|---|
priority |
100 | The priority level of the virtual router within the virtual router group, which determines the role that each virtual router plays and what happens if the master fails. Virtual routers have a priority between 1 and 254; the router with the highest priority becomes the master. |
advertisement interval |
1000 milliseconds | The advertisement interval is the interval between successive advertisements by the master in a virtual router group. You can specify a value between 10 and 40950. |
preempt |
enabled | Preempt mode lets the router take over as master for a virtual router group if it has a higher priority than the current master. Preempt mode is on by default. To disable preempt mode, edit the /etc/frr/frr.conf file to add the line no vrrp <VRID> preempt to the interface stanza, then restart the FRR service. |
version |
3 | The VRRP protocol version. You can specify a value of either 2 or 3. |
The following example commands configure two switches (spine01 and spine02) that form one virtual router group (VRID 44) with IPv4 address 10.0.0.1/24 and IPv6 address 2001:0db8::1/64. spine01 is the master; it has a priority of 254. spine02 is the backup VRRP router.
The parent interface must use a primary address as the source address on VRRP advertisement packets.
cumulus@spine01:~$ nv set interface swp1 ip address 10.0.0.2/24
cumulus@spine01:~$ nv set interface swp1 ip address 2001:0db8::2/64
cumulus@spine01:~$ nv set interface swp1 ip vrrp virtual-router 44 address 10.0.0.1
cumulus@spine01:~$ nv set interface swp1 ip vrrp virtual-router 44 address 2001:0db8::1
cumulus@spine01:~$ nv set interface swp1 ip vrrp virtual-router 44 priority 254
cumulus@spine01:~$ nv set interface swp1 ip vrrp virtual-router 44 advertisement-interval 5000
cumulus@spine01:~$ nv config apply
cumulus@spine02:~$ nv set interface swp1 ip address 10.0.0.3/24
cumulus@spine02:~$ nv set interface swp1 ip address 2001:0db8::3/64
cumulus@spine02:~$ nv set interface swp1 ip vrrp virtual-router 44 address 10.0.0.1/24
cumulus@spine02:~$ nv set interface swp1 ip vrrp virtual-router 44 address 2001:0db8::1/64
cumulus@spine02:~$ nv config apply
-
Edit the
/etc/network/interface
file to assign an IP address to the parent interface; for example:cumulus@spine01:~$ sudo vi /etc/network/interfaces ... auto swp1 iface swp1 address 10.0.0.2/24 address 2001:0db8::2/64
-
Enable the
vrrpd
daemon, then start the FRR service. See FRRouting. -
From the vtysh shell, configure VRRP.
cumulus@spine01:~$ sudo vtysh ... spine01# configure terminal spine01(config)# interface swp1 spine01(config-if)# vrrp 44 ip 10.0.0.1 spine01(config-if)# vrrp 44 ipv6 2001:0db8::1 spine01(config-if)# vrrp 44 priority 254 spine01(config-if)# vrrp 44 advertisement-interval 5000 spine01(config-if)# end spine01# write memory spine01# exit
-
Edit the
/etc/network/interface
file to assign an IP address to the parent interface; for example:cumulus@spine02:~$ sudo vi /etc/network/interfaces ... auto swp1 iface swp1 address 10.0.0.3/24 address 2001:0db8::3/64
-
Enable the
vrrpd
daemon, then start the FRR service. See FRRouting. -
From the vtysh shell, configure VRRP.
cumulus@spine02:~$ sudo vtysh ... spine02# configure terminal spine02(config)# interface swp1 spine02(config-if)# vrrp 44 ip 10.0.0.1 spine02(config-if)# vrrp 44 ipv6 2001:0db8::1 spine02(config-if)# end spine02# write memory spine02# exit
The vtysh commands save the configuration in the /etc/network/interfaces
file and the /etc/frr/frr.conf
file. For example:
cumulus@spine01:~$ sudo cat /etc/network/interfaces
...
auto swp1
iface swp1
address 10.0.0.2/24
address 2001:0db8::2/64
vrrp 44 10.0.0.1/24 2001:0db8::1/64
...
cumulus@spine01:~$ sudo cat /etc/frr/frr.conf
...
interface swp1
vrrp 44
vrrp 44 advertisement-interval 5000
vrrp 44 priority 254
vrrp 44 ip 10.0.0.1
vrrp 44 ipv6 2001:0db8::1
...
Show VRRP Configuration
To show virtual router information on a switch, run the vtysh show vrrp <VRID>
command or the net show vrrp <VRID>
command. For example:
cumulus@spine01:~$ show vrrp 44
Virtual Router ID 44
Protocol Version 3
Autoconfigured No
Shutdown No
Interface swp1
VRRP interface (v4) vrrp4-3-1
VRRP interface (v6) vrrp6-3-1
Primary IP (v4) 10.0.0.2
Primary IP (v6) 2001:0db8::2
Virtual MAC (v4) 00:00:5e:00:01:01
Virtual MAC (v6) 00:00:5e:00:02:01
Status (v4) Master
Status (v6) Master
Priority 254
Effective Priority (v4) 254
Effective Priority (v6) 254
Preempt Mode Yes
Accept Mode Yes
Advertisement Interval 5000 ms
Master Advertisement Interval (v4) 0 ms
Master Advertisement Interval (v6) 5000 ms
Advertisements Tx (v4) 17
Advertisements Tx (v6) 17
Advertisements Rx (v4) 0
Advertisements Rx (v6) 0
Gratuitous ARP Tx (v4) 1
Neigh. Adverts Tx (v6) 1
State transitions (v4) 2
State transitions (v6) 2
Skew Time (v4) 0 ms
Skew Time (v6) 0 ms
Master Down Interval (v4) 0 ms
Master Down Interval (v6) 0 ms
IPv4 Addresses 1
. . . . . . . . . . . . . . . . . . 10.0.0.1
IPv6 Addresses 1
. . . . . . . . . . . . . . . . . . 2001:0db8::1