VRRP and Load Sharing


VRRP is the IEEE standard equivalent of HSRP, Cisco proprietary.

VRRP differs slightly from HSRP:

  • one “Master «is elected, “Active” for HSRP.
  • one or more “backup” Routers against only one “standby” router for HSRP, hence the presence of “skew time” to organize their participation to the election.
  • can use real IP address as the virtual IP.
  • use 224.0.0.18, udp(112).

VRRP use the same concept of multiple group to achieve load sharing.

 

Hold = 3xAdvertisment + skew time.

“Advertisement” , called “Hello” in HSRP.

Skew time = 1-(priority/256).

 

The skew time is inversely proportional to the priority, the hypothetical topology depicted in figure 1 better illustrates the utility that lurks behind the concept.

Figure1: skew time and priority

The hold time allows backup routers to be aware of a failure of the master for them to be able to send their advertisements and participate to the election of the new master, but with many routers as backup with different priorities it is clear that only the backup router with the highest priority will become the Master, so there is no need for the others to participate to the “masquerade” : ); thereby, using the skew time, only the backup router with the next highest priority will send its advertisements, become the Master and inform all others, if for any reason it is also not available, The next highest priority backup router will claim the master state.

 

This lab (Figure2) shows how to configure multiple VRRP groups to implement load sharing

Figure 2: lab topology

The layer2 switch connects VLAN10 and VLAN20 to the group of Layer3 devices router R2 and multilayer switch MLS that participate in VRRP.

R2 will be Master router for group20 (VLAN20 group) and MLS the backup gateway and vice versa, MLS will be the Master gateway for VLAN10 and R2 the backup gateway.

This is implemented in R2 using different sub-interfaces for each VLAN entering the router through Fa1/0 with dot1q encapsulation.

In MLS the upstream interface is a routed interface (disabled switching) and SVI VLAN10 and VLAN20 are used to receive traffic from each VLAN on the trunk interface Fa0/1.

The Lab is organized as follow:

- VRRP configuration

- VRRP Verification

- Testing

- MLS failure

- MLS recovery

- R2 tracked interface failure

- R2 tracked interface recovery

 

VRRP CONFIGURATION

MLS:

track 1 interface FastEthernet0/0 line-protocol
 

interface Vlan10

ip address 192.168.10.3 255.255.255.0

vrrp 10 ip 192.168.10.1

vrrp 10 preempt delay minimum 60

vrrp 10 priority 200

vrrp 10 track 1 decrement 100

 

interface Vlan20

ip address 192.168.20.3 255.255.255.0

vrrp 20 ip 192.168.20.1

no vrrp 20 preempt

vrrp 20 priority 150

R2:

track 1 interface FastEthernet0/0 line-protocol
 

interface FastEthernet1/0.10

encapsulation dot1Q 10

ip address 192.168.10.2 255.255.255.0

vrrp 10 ip 192.168.10.1

vrrp 10 priority 150

 

interface FastEthernet1/0.20

encapsulation dot1Q 20

ip address 192.168.20.2 255.255.255.0

vrrp 20 ip 192.168.20.1

vrrp 20 preempt delay minimum 60

vrrp 20 priority 200

vrrp 20 track 1 decrement 100

All First Hop Redundancy protocols like HSRP, VRRP and GLBP allow the use of object tracking which provides enhanced capability to track different object like:

- Interface.

- Line protocol state.

- Reachability of IP route.

- Threshold of IP routing metric.

- IP SLA operations.

- List of boolean expression and threshold weight.

For the purpose of the lab we track only the line protocol status.

VRRP VERIFICATION

Initial VRRP status:

MLS:

MLS#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Vl10
10
200 3218 Y
Master
192.168.10.3
192.168.10.1

Vl20
20
150 3414 Backup
192.168.20.2
192.168.20.1

MLS# 

 

MLS#sh vrrp
Vlan10 – Group 10

State is Master

Virtual IP address is 192.168.10.1

Virtual MAC address is 0000.5e00.010a

Advertisement interval is 1.000 sec

Preemption enabled, delay min 60 secs

Priority is 200

Track object 1 state Up decrement 100

Master Router is 192.168.10.3 (local), priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.218 sec

 

Vlan20 – Group 20

State is Backup

Virtual IP address is 192.168.20.1

Virtual MAC address is 0000.5e00.0114

Advertisement interval is 1.000 sec

Preemption disabled

Priority is 150

Master Router is 192.168.20.2, priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec (expires in 2.406 sec)

 

MLS# 

MLS VLAN10 SVI is the master gateway interface for VLAN10 with the highest priority of 200 and MLS VLAN20 SVI is the backup gateway interface for VLAN20 (<R2 Fa1/0.20 interface priority).

 

R2:

R2#sh vrrp
Mar 1 01:26:54.243: %SYS-5-CONFIG_I: Configured from console by admin on console brief

Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10
10
150 3414 Y Backup
192.168.10.3
192.168.10.1

Fa1/0.20
20
200 3218 Y Master
192.168.20.2
192.168.20.1

R2#

 

R2#sh vrrp
FastEthernet1/0.10 – Group 10

State is Backup

Virtual IP address is 192.168.10.1

Virtual MAC address is 0000.5e00.010a

Advertisement interval is 1.000 sec

Preemption enabled

Priority is 150

Master Router is 192.168.10.3, priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.414 sec (expires in 2.538 sec)

 

FastEthernet1/0.20 – Group 20

State is Master

Virtual IP address is 192.168.20.1

Virtual MAC address is 0000.5e00.0114

Advertisement interval is 1.000 sec

Preemption enabled, delay min 60 secs

Priority is 200

Track object 1 state Up decrement 100

Master Router is 192.168.20.2 (local), priority is 200

Master Advertisement interval is 1.000 sec

Master Down interval is 3.218 sec

 

R2#

 

R2 Fa1/0.20 is the master gateway interface for VLAN20 with the highest priority of 200 and intfa1/0.10 is the backup gateway interface for VLAN20 with priority of 150 (< MLS SVI VLAN10 priority).

 

Connectivity

R10(VLAN10):

R10#sh arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 8 cc01.154c.0010 ARPA FastEthernet0/0

Internet 192.168.10.3 52 cc02.1714.0000 ARPA FastEthernet0/0

Internet 192.168.10.1 26 0000.0c07.ac0a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1714.0000 ARPA FastEthernet0/0

R10#

Using ARP for the default gateway IP 192.168.10.1, R10 has resolved the virtual MAC defined by VRRP group.

R10#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.10.3 88 msec 60 msec 76 msec

2 192.168.13.1 124 msec 88 msec 64 msec

3 10.10.10.1 184 msec 88 msec 92 msec

R10#

According to the initial VRRP state, MLS should be the Master VRRP router for the group 10 which is confirmed by result of trace command.

R20(VLAN20):

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.2 108 msec 48 msec 28 msec

2 192.168.12.1 92 msec 104 msec 96 msec

3 10.10.10.1 104 msec 72 msec 64 msec

R20#

According to the initial VRRP state, R2 should be the Master VRRP router for the group 20 which is confirmed by result of trace command.

R20#sh arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.20.20 – cc05.1714.0000 ARPA FastEthernet0/0

Internet 192.168.20.1 15 0000.5e00.0114 ARPA FastEthernet0/0

Internet 192.168.20.2 14 cc01.154c.0010 ARPA FastEthernet0/0

Internet 192.168.20.3 56 cc02.1714.0000 ARPA FastEthernet0/0

R20#

Using ARP for the default gateway IP 192.168.20.1, R20 has resolved the virual MAC defined by VRRP group.

TESTING

MLS failure:

In this case MLS is shutdown to simulate a router failure.

R2:

R2#
Mar 1 01:57:20.039: VRRP: Grp 10 Event – Master down timer expired

Mar 1 01:57:20.039: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Backup -> Master

Mar 1 01:57:30.439: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3 (FastEthernet1/0.20) is down: holding time expired

Mar 1 01:57:30.551: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3 (FastEthernet1/0.10) is down: holding time expired

R2#

After the hold timer expires for VRRP group 10, MLS is considered down and R2 interface fa1/0.10 take over the Master status and become the forwarder, this is confirmed by the traffic that VLAN10 takes to reach the upstream destination:

R2#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10
10
150 3414 Y Master
192.168.10.2
192.168.10.1

Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1

R2#

 

R10#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.10.2 68 msec 44 msec 60 msec

2 192.168.12.1 152 msec 92 msec 92 msec

3 10.10.10.1 136 msec 92 msec 140 msec

R10#

 

R10#sh arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.10.2 44 cc01.154c.0010 ARPA FastEthernet0/0

Internet 192.168.10.3 7 cc02.1714.0000 ARPA FastEthernet0/0

Internet 192.168.10.1 7 0000.5e00.010a ARPA FastEthernet0/0

Internet 192.168.10.10 – cc04.1714.0000 ARPA FastEthernet0/0

R10#

Note that the virtual MAC has not changed, because the operation is transparent to the clients.

Nothing changed for VLAN 20, traffic is still forwarded to R2:

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.2 112 msec 76 msec 28 msec

2 192.168.12.1 72 msec 112 msec 64 msec

3 10.10.10.1 136 msec 44 msec 56 msec

R20#

MLS recovery:

Now MLS is back to live and because of the preempt feature it will claim its master status back, however, this is done after a configured 60 seconds, this additional time is given to the downstream Layer 2 distribution swiches to converge STP so the optimal layer 3 path is consistent with layer 2 STP path.

R2:

R2#
Mar 1 02:16:53.344: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Master -> Backup

Mar 1 02:16:54.088: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3 (FastEthernet1/0.20) is up: new adjacency

Mar 1 02:16:56.044: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3 (FastEthernet1/0.10) is up: new adjacency

R2#

 

R2#sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1

Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1

R2#

And VLAN10 clients again consider MLS as the default gateway:

R10#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 *

192.168.10.3 36 msec 28 msec

2 192.168.13.1 104 msec 60 msec 64 msec

3 10.10.10.1 120 msec 88 msec 64 msec

R10#

R2 upstream interface failure (tracked interface):

Let’s shut down Fa0/0 ionterface on R2 and see what will be the reaction of VRRP:

R2:

R2(config-subif)#int fa 0/0
R2(config-if)#sh

R2(config-if)#

Mar 1 02:35:30.203: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (FastEthernet0/0) is down: interface down

Mar 1 02:35:32.043: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

Mar 1 02:35:33.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down

R2(config-if)#

R2(config-if)#

R2(config-if)#

Mar 1 02:36:30.535: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Master -> Backup

R2(config-if)#

 

R2(config-if)#do sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1

Fa1/0.20
20 100 3218 Y Backup 192.168.20.3 192.168.20.1

R2(config-if)#

A venality of 100 is subtracted from the interface Fa1/0.20 VRRP group 20 and after 60 sec MLS VRRP group 20 take over the master status and become the default gateway for VLAN20.

MLS:

MLS(config-if)#
*Mar 1 00:20:37.323: VRRP: Grp 20 Event – Master down timer expired

*Mar 1 00:20:37.327: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Backup -> Master

MLS(config-if)#

 

MLS(config-if)#do sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1

Vl20 20 150 3414 Y Backup 192.168.20.2 192.168.20.1

MLS(config-if) #

Now all VLAN20 traffic is forwarded to MLS:

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.3 96 msec 48 msec 48 msec

2 192.168.13.1 120 msec 52 msec 132 msec

3 10.10.10.1 52 msec 60 msec 92 msec

R20#

R2 upstream interface recovery (tracked interface):

R2:

R2(config-if)#int fa0/0
R2(config-if)#no sh

 

Mar 1 03:25:50.167: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (FastEthernet0/0) is up: new adjacency

Mar 1 03:25:50.759: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up

Mar 1 03:25:51.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up

R2(config-if)#

Mar 1 03:26:48.795: VRRP: Grp 20 Event – Master down timer expired

Mar 1 03:26:48.799: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Backup -> Master

Now The tracked interface is UP so VRRP will call back the penality and R2 VRRP group 20 can claim back its mater state with a higher priority (60 sec after):

R2(config-if)#do sh vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr

Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1

Fa1/0.20
20 200 3218 Y
Master 192.168.20.2 192.168.20.1

R2(config-if)#

 

R3:

MLS(config-if)#do sh vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr

Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1

Vl20
20 150 3414 Y Backup 192.168.20.2 192.168.20.1

MLS(config-if)#

R20:

R20#trace 10.10.10.1
 

Type escape sequence to abort.

Tracing the route to 10.10.10.1

 

1 192.168.20.2 112 msec 60 msec 76 msec

2 192.168.12.1 76 msec 64 msec 72 msec

3 10.10.10.1 168 msec 184 msec 140 msec

R20# 

 

For more global picture about differences between VRRP, HSRP and GLBP take a look at the post entitled “First Hop Redundancy protocol comparison (HSRP,VRRP,GLBP)

About these ads

About ajnouri
Se vi deziras sekure komuniki eksterbloge, jen mia publika (GPG) ŝlosilo: My public key for secure secure communication: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x41CCDE1511DF0EB8

One Response to VRRP and Load Sharing

  1. Some genuinely nice stuff on this internet site , I enjoy it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: