The exact same Topology as the HSRP section, because it is so similar there isn’t really a need to create a new Topology, though SW3 does get added to the Router Group during the lab to demonstrate a difference in Router States from HSRP.
VRRP similarities and differences from HSRP
VRRP is very similar to HSRP in respect to its configuration and defaults, to the point if you were to substitute the word “standby” for “vrrp” when configuring VRRP, it would work ALMOST exactly the same – There are a few slight differences to know.
For clarity sake I’ll just use bullet point style comparison of VRRP vs HSRP:
- VRRP is an open Industry Standard Protocol, HSRP is Cisco Proprietary
- VRRP is defined by RFC 2338, HSRP is defined by RFC 1985
- VRRP communicates via Multicast IP 224.0.0.18, HSRP via Multicast 224.0.0.2
- VRRP has identical default Priority and Tracking decrement values as HSRP
- VRRP wins Elections first by Priority, then by highest IP Address (exactly like HSRP)
- VRRP Router Group members form a single Virtual Router per VRRP Instance
- VRRP has Preemption enabled by default, HSRP Preemption is disabled by default
- VRRP MAC Address format: 0000.5e00.01xx <- Where XX is group # in Hex
- VRRP uses a “Master” Router state equivalent to HSRPs “Active” Router
- VRRP uses a “Backup” Router state equivalent to HSRP’s Standby and Listen
Those are all the technical details for VRRP, if you can configure HSRP groups, you can configure VRRP groups exactly the same by substituting “standby” with “vrrp” on the CLI.
One big difference I found is in how Router Group members that are non-Master Routers all become Backup Routers, where HSRP will actually designate the Standby Router, with VRRP all Router Group members are considered “Backup” Routers – However it works the exact same that the Router Group member with the next highest Priority / IP will take over as Master Router upon the Master failing / leaving the Router Group.
I’ll run through some basic demonstrations of how similar configuration is, and run through interface tracking configuration at the bottom of the post, as that is configured using an actual Tracked Object that is then tied into the VRRP configuration.
Load-Balancing is set up exactly the same as HSRP, making multiple VRRP instances with different Virtual Router IP Addresses with Hosts pointed at the different Virtual Router IP’s for their gateway, that will NOT be covered / labbed here as it is identical to HSRP.
A quick VRRP lab, note I only replace “standby” with “vrrp” for config / verification
I will spare the output from configuring the Trunks and VLAN information, however this is a simple setup of VRRP on each switches SVI / VLAN interface:
SW1 VRRP Config
SW1(config-if)#vrrp ?
<1-255> Group number
SW1(config-if)#vrrp 10 ?
authentication Authentication string
description Group specific description
ip Enable Virtual Router Redundancy Protocol (VRRP) for IP
preempt Enable preemption of lower priority Master
priority Priority of this VRRP group
timers Set the VRRP timers
track Event Tracking
SW1(config-if)#vrrp 10 ip ?
A.B.C.D VRRP group IP address
SW1(config-if)#vrrp 10 ip 10.0.10.254 ?
secondary Specify an additional VRRP address for this group
<cr>
SW1(config-if)#vrrp 10 ip 10.0.10.254
SW1(config-if)#
*Mar 1 00:20:44.475: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
*Mar 1 00:20:44.483: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
SW1(config-if)#
*Mar 1 00:20:48.099: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
SW1(config-if)#
Seen here, the Router goes immediately into “Backup” state instead of Speak with HSRP, as all Routers initially see themselves as the Backup Router until it is decided it is the Master Router of the group.
Verification on SW1
SW1(config-if)#do sh vrrp
Vlan10 – Group 10
State is Master
Virtual IP address is 10.0.10.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.10.1 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
SW1(config-if)#
SW2 VRRP Config
SW2(config-if)#int vlan 10
SW2(config-if)#vrrp 10 ip 10.0.10.254
SW2(config-if)#
*Mar 1 00:29:59.490: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
*Mar 1 00:29:59.490: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
SW2(config-if)#
*Mar 1 00:30:03.106: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
SW2(config-if)#
One thing I noticed that it goes into Backup state during the election rather than “Speak” state, so to mess with this I actually brought in SW3, as it will win the election via the Highest IP Address on the SVI to see where that leaves SW1:
SW3 VRRP Config
SW3(config-if)#ip add 10.0.10.3 255.255.255.0
SW3(config-if)#vrrp 10 ip 10.0.10.254
SW3(config-if)#
*Mar 1 00:31:36.580: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
*Mar 1 00:31:36.580: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
SW3(config-if)#
*Mar 1 00:31:40.195: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
SW3(config-if)#
SW1 and SW2 verification output
SW1(config-if)#do sh vrrp
Vlan10 – Group 10
State is Backup
Virtual IP address is 10.0.10.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.10.3, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.123 sec)
SW2(config-if)#do sh vrrp
Vlan10 – Group 10
State is Backup
Virtual IP address is 10.0.10.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.10.3, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.483 sec)
That is as far is I will go into VRRP configuration / verification as it is extremely similar to HSRP, however object tracking is a bit different, so that does require a review.
Interface / Object tracking configuration for VRRP
With VRRP a tracking object must first be configured, and then applied to the VRRP group configuration, the configured tracking object is not tied to VRRP itself however and can be used with various protocols for tracking purposes on Cisco devices.
The tracking object configuration
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#track ?
<1-1000> Tracked object
resolution Tracking resolution parameters
timer Polling interval timers
SW1(config)#track 1 ?
interface Select an interface to track
ip IP protocol
list Group objects in a list
SW1(config)#track 1 int ?
Async Async interface
Auto-Template Auto-Template interface
BVI Bridge-Group Virtual Interface
CTunnel CTunnel interface
Dialer Dialer interface
FastEthernet FastEthernet IEEE 802.3
Filter Filter interface
Filtergroup Filter Group interface
GigabitEthernet GigabitEthernet IEEE 802.3z
GroupVI Group Virtual interface
Lex Lex interface
Loopback Loopback interface
Port-channel Ethernet Channel of interfaces
Portgroup Portgroup interface
Pos-channel POS Channel of interfaces
Tunnel Tunnel interface
Vif PGM Multicast Host interface
Virtual-TokenRing Virtual TokenRing
Vlan Catalyst Vlans
fcpa Fiber Channel
SW1(config)#track 1 int fa1/0/1 ?
ip IP parameters
line-protocol Track interface line-protocol
SW1(config)#track 1 int fa1/0/1 line ?
<cr>
SW1(config)#track 1 int fa1/0/1 line
This will drop you into tracking object configuration, which I will not delve into here, but wanted to post some output for reference that it is a thing that you just exit out of:
SW1(config-track)#?
Tracking instance configuration commands:
default Set a command to its defaults
delay Tracking delay
exit Exit from tracking configuration mode
no Negate a command or set its defaults
SW1(config-track)#exit
SW1(config)#
We now have a tracked object, that is defined to track interface Fa1/0/1 line-protocol:
SW1(config)#do sh track
Track 1
Interface FastEthernet1/0/1 line-protocol
Line protocol is Up
1 change, last change 00:03:56
SW1(config)#
Now before the interface tracking is going to actually make any dynamic changes, SW1 first must become the Master Router of the Router Group:
SW1(config-if)#int vlan 10
SW1(config-if)#vrrp 10 priority 105
SW1(config-if)#
*Mar 1 00:49:41.680: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
SW1(config-if)#
Finally to tie the tracked object configured into the VRRP configuration:
SW1(config-if)#int vlan 10
SW1(config-if)#vrrp 10 ?
authentication Authentication string
description Group specific description
ip Enable Virtual Router Redundancy Protocol (VRRP) for IP
preempt Enable preemption of lower priority Master
priority Priority of this VRRP group
timers Set the VRRP timers
track Event Tracking
SW1(config-if)#vrrp 10 track ?
<1-1000> Tracked object
SW1(config-if)#vrrp 10 track 1 ?
decrement Priority decrement
<cr>
SW1(config-if)#vrrp 10 track 1
SW1(config-if)#
It can be seen the decrement value can be changed in the same place, the same as HSRP, however the default is 10 so if interface Fa1/0/1 goes down it will lose its status as Master:
SW1(config-if)#int fa1/0/1
SW1(config-if)#shut
SW1(config-if)#
*Mar 1 00:54:15.761: %TRACKING-5-STATE: 1 interface Fa1/0/1 line-protocol Up->Down
SW1(config-if)#
*Mar 1 00:54:17.749: %LINK-5-CHANGED: Interface FastEthernet1/0/1, changed state to administratively down
*Mar 1 00:54:18.756: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/1, changed state to down
SW1(config-if)#
*Mar 1 00:54:45.826: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backup
SW1(config-if)#
Note that it did take about 30 seconds for it to come respond that it is now a Backup Router, and it is important to note that it became the Backup Router because it had a redundant link connecting it back to another VRRP Router Group Member.
When I removed that Redundant Link, and there was no Redundant Link in the first place, it goes into “Stuck in Init” mode:
SW1(config-if)#
*Mar 1 00:55:42.667: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to down
SW1(config-if)#
*Mar 1 00:55:42.675: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Init
SW1(config-if)#
*Mar 1 00:55:43.657: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/12, changed state to down
*Mar 1 00:55:44.663: %LINK-3-UPDOWN: Interface FastEthernet1/0/12, changed state to down
SW1(config-if)#
It’s a bit confusing to see because the VLAN interface went down first once both Trunks were detected as missing, followed by VRRP falling back into “Init” state, and finally getting the Physical / Line Protocol down messages.
To verify this on SW1 now that all links to VRRP Router Group Members are down:
SW1(config-if)#do sh vrrp
Vlan10 – Group 10
State is Init
Virtual IP address is 10.0.10.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 95 (cfgd 105)
Track object 1 state Down decrement 10
Master Router is unknown, priority is unknown
Master Advertisement interval is unknown
Master Down interval is 3.628 sec
SW1(config-if)#
So when you start seeing stuck in Init, or unknown values in the VRRP output, that means there is an interface / link issue to other VRRP Group Members – It does not turn into its own Master for the Group like HSRP does if it cannot reach group members.
^^^ That is an important difference to note with VRRP!
And that is all I have for VRRP!
Its so similar to HSRP that it really doesn’t need a whole lot further explanation, however if I fail the SWITCH exam due to lack of VRRP knowledge not covered here, I will come back and update it with my tail tucked between my legs 🙂
GLBP next to finish off the FHRPs!
The DEVNET GRIND! 