VRRP and Load Sharing
August 31, 2008 2 Comments
VRRP is the IEEE standard equivalent of HSRP, Cisco proprietary.
VRRP differs slightly from HSRP:
- one “Master «is elected, “Active” for HSRP.
- one or more “backup” Routers against only one “standby” router for HSRP, hence the presence of “skew time” to organize their participation to the election.
- can use real IP address as the virtual IP.
- use 224.0.0.18, udp(112).
VRRP use the same concept of multiple group to achieve load sharing.
Hold = 3xAdvertisment + skew time.
“Advertisement” , called “Hello” in HSRP.
Skew time = 1-(priority/256).
The skew time is inversely proportional to the priority, the hypothetical topology depicted in figure 1 better illustrates the utility that lurks behind the concept.
Figure1: skew time and priority
The hold time allows backup routers to be aware of a failure of the master for them to be able to send their advertisements and participate to the election of the new master, but with many routers as backup with different priorities it is clear that only the backup router with the highest priority will become the Master, so there is no need for the others to participate to the “masquerade” : ); thereby, using the skew time, only the backup router with the next highest priority will send its advertisements, become the Master and inform all others, if for any reason it is also not available, The next highest priority backup router will claim the master state.
This lab (Figure2) shows how to configure multiple VRRP groups to implement load sharing
Figure 2: lab topology
The layer2 switch connects VLAN10 and VLAN20 to the group of Layer3 devices router R2 and multilayer switch MLS that participate in VRRP.
R2 will be Master router for group20 (VLAN20 group) and MLS the backup gateway and vice versa, MLS will be the Master gateway for VLAN10 and R2 the backup gateway.
This is implemented in R2 using different sub-interfaces for each VLAN entering the router through Fa1/0 with dot1q encapsulation.
In MLS the upstream interface is a routed interface (disabled switching) and SVI VLAN10 and VLAN20 are used to receive traffic from each VLAN on the trunk interface Fa0/1.
The Lab is organized as follow:
– VRRP configuration
– VRRP Verification
– Testing
– MLS failure
– MLS recovery
– R2 tracked interface failure
– R2 tracked interface recovery
VRRP CONFIGURATION
MLS:
| track 1 interface FastEthernet0/0 line-protocol interface Vlan10 ip address 192.168.10.3 255.255.255.0 vrrp 10 ip 192.168.10.1 vrrp 10 preempt delay minimum 60 vrrp 10 priority 200 vrrp 10 track 1 decrement 100
interface Vlan20 ip address 192.168.20.3 255.255.255.0 vrrp 20 ip 192.168.20.1 no vrrp 20 preempt vrrp 20 priority 150 |
R2:
| track 1 interface FastEthernet0/0 line-protocol interface FastEthernet1/0.10 encapsulation dot1Q 10 ip address 192.168.10.2 255.255.255.0 vrrp 10 ip 192.168.10.1 vrrp 10 priority 150
interface FastEthernet1/0.20 encapsulation dot1Q 20 ip address 192.168.20.2 255.255.255.0 vrrp 20 ip 192.168.20.1 vrrp 20 preempt delay minimum 60 vrrp 20 priority 200 vrrp 20 track 1 decrement 100 |
All First Hop Redundancy protocols like HSRP, VRRP and GLBP allow the use of object tracking which provides enhanced capability to track different object like:
– Interface.
– Line protocol state.
– Reachability of IP route.
– Threshold of IP routing metric.
– IP SLA operations.
– List of boolean expression and threshold weight.
For the purpose of the lab we track only the line protocol status.
VRRP VERIFICATION
Initial VRRP status:
MLS:
| MLS#sh vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Vl10 Vl20 MLS# |
| MLS#sh vrrp Vlan10 – Group 10 State is Master Virtual IP address is 192.168.10.1 Virtual MAC address is 0000.5e00.010a Advertisement interval is 1.000 sec Preemption enabled, delay min 60 secs Priority is 200 Track object 1 state Up decrement 100 Master Router is 192.168.10.3 (local), priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.218 sec
Vlan20 – Group 20 State is Backup Virtual IP address is 192.168.20.1 Virtual MAC address is 0000.5e00.0114 Advertisement interval is 1.000 sec Preemption disabled Priority is 150 Master Router is 192.168.20.2, priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.414 sec (expires in 2.406 sec)
MLS# |
MLS VLAN10 SVI is the master gateway interface for VLAN10 with the highest priority of 200 and MLS VLAN20 SVI is the backup gateway interface for VLAN20 (<R2 Fa1/0.20 interface priority).
R2:
| R2#sh vrrp Mar 1 01:26:54.243: %SYS-5-CONFIG_I: Configured from console by admin on console brief Interface Grp Pri Time Own Pre State Master addr Group addr Fa1/0.10 Fa1/0.20 R2# |
| R2#sh vrrp FastEthernet1/0.10 – Group 10 State is Backup Virtual IP address is 192.168.10.1 Virtual MAC address is 0000.5e00.010a Advertisement interval is 1.000 sec Preemption enabled Priority is 150 Master Router is 192.168.10.3, priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.414 sec (expires in 2.538 sec)
FastEthernet1/0.20 – Group 20 State is Master Virtual IP address is 192.168.20.1 Virtual MAC address is 0000.5e00.0114 Advertisement interval is 1.000 sec Preemption enabled, delay min 60 secs Priority is 200 Track object 1 state Up decrement 100 Master Router is 192.168.20.2 (local), priority is 200 Master Advertisement interval is 1.000 sec Master Down interval is 3.218 sec
R2# |
R2 Fa1/0.20 is the master gateway interface for VLAN20 with the highest priority of 200 and intfa1/0.10 is the backup gateway interface for VLAN20 with priority of 150 (< MLS SVI VLAN10 priority).
Connectivity
R10(VLAN10):
| R10#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.2 8 cc01.154c.0010 ARPA FastEthernet0/0 Internet 192.168.10.3 52 cc02.1714.0000 ARPA FastEthernet0/0 Internet 192.168.10.1 26 0000.0c07.ac0a ARPA FastEthernet0/0 Internet 192.168.10.10 – cc04.1714.0000 ARPA FastEthernet0/0 R10# |
Using ARP for the default gateway IP 192.168.10.1, R10 has resolved the virtual MAC defined by VRRP group.
| R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1
1 192.168.10.3 88 msec 60 msec 76 msec 2 192.168.13.1 124 msec 88 msec 64 msec 3 10.10.10.1 184 msec 88 msec 92 msec R10# |
According to the initial VRRP state, MLS should be the Master VRRP router for the group 10 which is confirmed by result of trace command.
R20(VLAN20):
| R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1
1 192.168.20.2 108 msec 48 msec 28 msec 2 192.168.12.1 92 msec 104 msec 96 msec 3 10.10.10.1 104 msec 72 msec 64 msec R20# |
According to the initial VRRP state, R2 should be the Master VRRP router for the group 20 which is confirmed by result of trace command.
| R20#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.20.20 – cc05.1714.0000 ARPA FastEthernet0/0 Internet 192.168.20.1 15 0000.5e00.0114 ARPA FastEthernet0/0 Internet 192.168.20.2 14 cc01.154c.0010 ARPA FastEthernet0/0 Internet 192.168.20.3 56 cc02.1714.0000 ARPA FastEthernet0/0 R20# |
Using ARP for the default gateway IP 192.168.20.1, R20 has resolved the virual MAC defined by VRRP group.
TESTING
MLS failure:
In this case MLS is shutdown to simulate a router failure.
R2:
| R2# Mar 1 01:57:20.039: VRRP: Grp 10 Event – Master down timer expired Mar 1 01:57:20.039: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Backup -> Master Mar 1 01:57:30.439: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3 (FastEthernet1/0.20) is down: holding time expired Mar 1 01:57:30.551: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3 (FastEthernet1/0.10) is down: holding time expired R2# |
After the hold timer expires for VRRP group 10, MLS is considered down and R2 interface fa1/0.10 take over the Master status and become the forwarder, this is confirmed by the traffic that VLAN10 takes to reach the upstream destination:
| R2#sh vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Fa1/0.10 Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1 R2# |
| R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1
1 192.168.10.2 68 msec 44 msec 60 msec 2 192.168.12.1 152 msec 92 msec 92 msec 3 10.10.10.1 136 msec 92 msec 140 msec R10# |
| R10#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.2 44 cc01.154c.0010 ARPA FastEthernet0/0 Internet 192.168.10.3 7 cc02.1714.0000 ARPA FastEthernet0/0 Internet 192.168.10.1 7 0000.5e00.010a ARPA FastEthernet0/0 Internet 192.168.10.10 – cc04.1714.0000 ARPA FastEthernet0/0 R10# |
Note that the virtual MAC has not changed, because the operation is transparent to the clients.
Nothing changed for VLAN 20, traffic is still forwarded to R2:
| R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1
1 192.168.20.2 112 msec 76 msec 28 msec 2 192.168.12.1 72 msec 112 msec 64 msec 3 10.10.10.1 136 msec 44 msec 56 msec R20# |
MLS recovery:
Now MLS is back to live and because of the preempt feature it will claim its master status back, however, this is done after a configured 60 seconds, this additional time is given to the downstream Layer 2 distribution swiches to converge STP so the optimal layer 3 path is consistent with layer 2 STP path.
R2:
| R2# Mar 1 02:16:53.344: %VRRP-6-STATECHANGE: Fa1/0.10 Grp 10 state Master -> Backup Mar 1 02:16:54.088: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.20.3 (FastEthernet1/0.20) is up: new adjacency Mar 1 02:16:56.044: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.10.3 (FastEthernet1/0.10) is up: new adjacency R2# |
| R2#sh vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1 Fa1/0.20 20 200 3218 Y Master 192.168.20.2 192.168.20.1 R2# |
And VLAN10 clients again consider MLS as the default gateway:
| R10#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1
1 * 192.168.10.3 36 msec 28 msec 2 192.168.13.1 104 msec 60 msec 64 msec 3 10.10.10.1 120 msec 88 msec 64 msec R10# |
R2 upstream interface failure (tracked interface):
Let’s shut down Fa0/0 ionterface on R2 and see what will be the reaction of VRRP:
R2:
| R2(config-subif)#int fa 0/0 R2(config-if)#sh R2(config-if)# Mar 1 02:35:30.203: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (FastEthernet0/0) is down: interface down Mar 1 02:35:32.043: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down Mar 1 02:35:33.043: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down R2(config-if)# R2(config-if)# R2(config-if)# Mar 1 02:36:30.535: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Master -> Backup R2(config-if)# |
| R2(config-if)#do sh vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1 Fa1/0.20 R2(config-if)# |
A venality of 100 is subtracted from the interface Fa1/0.20 VRRP group 20 and after 60 sec MLS VRRP group 20 take over the master status and become the default gateway for VLAN20.
MLS:
| MLS(config-if)# *Mar 1 00:20:37.323: VRRP: Grp 20 Event – Master down timer expired *Mar 1 00:20:37.327: %VRRP-6-STATECHANGE: Vl20 Grp 20 state Backup -> Master MLS(config-if)# |
| MLS(config-if)#do sh vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1 Vl20 20 150 3414 Y Backup 192.168.20.2 192.168.20.1 MLS(config-if) # |
Now all VLAN20 traffic is forwarded to MLS:
| R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1
1 192.168.20.3 96 msec 48 msec 48 msec 2 192.168.13.1 120 msec 52 msec 132 msec 3 10.10.10.1 52 msec 60 msec 92 msec R20# |
R2 upstream interface recovery (tracked interface):
R2:
| R2(config-if)#int fa0/0 R2(config-if)#no sh
Mar 1 03:25:50.167: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 10: Neighbor 192.168.12.1 (FastEthernet0/0) is up: new adjacency Mar 1 03:25:50.759: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up Mar 1 03:25:51.759: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up R2(config-if)# Mar 1 03:26:48.795: VRRP: Grp 20 Event – Master down timer expired Mar 1 03:26:48.799: %VRRP-6-STATECHANGE: Fa1/0.20 Grp 20 state Backup -> Master |
Now The tracked interface is UP so VRRP will call back the penality and R2 VRRP group 20 can claim back its mater state with a higher priority (60 sec after):
| R2(config-if)#do sh vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Fa1/0.10 10 150 3414 Y Backup 192.168.10.3 192.168.10.1 Fa1/0.20 R2(config-if)#
R3: MLS(config-if)#do sh vrrp brief Interface Grp Pri Time Own Pre State Master addr Group addr Vl10 10 200 3218 Y Master 192.168.10.3 192.168.10.1 Vl20 MLS(config-if)# |
R20:
| R20#trace 10.10.10.1 Type escape sequence to abort. Tracing the route to 10.10.10.1
1 192.168.20.2 112 msec 60 msec 76 msec 2 192.168.12.1 76 msec 64 msec 72 msec 3 10.10.10.1 168 msec 184 msec 140 msec R20# |
For more global picture about differences between VRRP, HSRP and GLBP take a look at the post entitled “First Hop Redundancy protocol comparison (HSRP,VRRP,GLBP)“
CCIE, the beginning! 