VRRP (Virtual Router Redundancy Protocol)

ReneMolenaar · December 27, 2016, 4:39pm

This topic is to discuss the following lesson:

system · October 6, 2014, 5:55pm

You write the best articles of how to configure these things.
Well written, good job René!

veerender.keerthi · November 11, 2014, 2:02pm

Still how the computers uses both gateways in their configuration if we load balance between two groups?

Veerender

ReneMolenaar · November 11, 2014, 8:22pm

Hi Veerender,

For example, if you have 100 computers then you configure 50 of them to use 192.168.1.3 and the other 50 to use 192.168.1.4.

Rene

ramonsito · January 1, 2015, 9:38pm

Hi Rene
I’m using for the lab Cisco Switches 3550 and 3750 as layer 3 switches, and those doesn’t seem to support VRRP or GLBP, what model are you using for this lab and the glbp lab, thank you and by the way, thank you for your last reply.

regards
Ramon

ReneMolenaar · January 5, 2015, 10:03pm

Hi Ramon,

The 3550 only supports HSRP while the 3750 supports HSRP + GLBP. I just checked my 3750 and this is the IOS image I am using:

c3750-advipservicesk9-mz.122-46.SE.bin

Funny thing is, I have a 3560 that runs the same IOS version but it only supports HSRP:

c3560-advipservicesk9-mz.122-46.SE.bin

Probably best to use some routers or GNS3 to test this.

Rene

281332 · January 12, 2015, 10:19am

Hi Rene,

I cant understand two things:

why HSRP has 16 groups? not 255?
in your table we see that VRRP doesnt support authentication, but you configured it…?

ReneMolenaar · January 14, 2015, 12:30pm

Hi Yevgeniy,

Good question and there’s a long answer…

Originally on the 3550 and some of the 6500 supervisors only 16 HSRP groups were allowed but this limitation applied only to a single interface. You could use the same group number on different interfaces without any issues. On newer platforms this 16 limit doesn’t apply anymore…the 3750 supports 32 groups I think and my 2800 router supports 255.

About authentication…originally the RFC 2338 standard described authentication but it was removed in RFC 3678 since it wasn’t secure. Not sure which RFC the Cisco implementation is based on but they probably added authentication to VRRP themselves.

Hope this helps!

Rene

281332 · January 14, 2015, 1:34pm

Tnx, for answers,
BTW question from another field, have you something new materials for CCNP v2 ?
And maybe you know if I have ROUTE v1 , can I pass SWITCH v2 and TSHOOT v2?
Because in different resources I found different answers…

BR, Yevgeniy

ReneMolenaar · January 14, 2015, 1:51pm

Hi Yevgeniy,

You can mix the V1 and V2 exams, here’s a link where they explain this:

http://ciscocert.force.com/english/apex/SearchResults?searchkeyword=CCNP+Routing+and+Switch

The answer is in the “Old vs New Exams” topic.

I’m currently updating the lessons pages to add some of the new material. SWITCH now has a stackwise and VSS lesson, ROUTE has DMVPN. Some of the topics I still have to add are SDM templates and EVN.

Rene

taslim1232002 · March 30, 2015, 11:32am

Hi Rene,

Well written. Any way we can track the object in VRRP ? Can you give an example

Thank you

BR
Taslim

ReneMolenaar · March 30, 2015, 12:03pm

Hi Taslim,

For sure, it could be something as simple as this:

R1(config)#track 1 interface FastEthernet 0/0 line-protocol
R1(config)#interface FastEthernet 0/0
R1(config-if)#vrrp 1 track 1 decrement 50

or you can configure IP SLA and combine it with tracking like I did here:

Rene

talk2seeni · May 30, 2015, 6:30am

Hi Rene,
I think above configuration can be applied to all SVI for supporting multiple Vlans .
Is it correct? Is there any limitation ?

Thanks,
Srini

ReneMolenaar · May 30, 2015, 11:29am

That’s right, you can enable this on routed interfaces or SVI interfaces.

kunimasaanet · November 19, 2015, 1:01pm

I want lessons about VRRP version3

ReneMolenaar · November 24, 2015, 1:48pm

I will add this to my list.

ivoaleksiev · February 16, 2016, 4:15am

Hi Rene!
Thank you for this lecture.
However I’m still having hard time understanding how load-balancing for different vlans has to be configured.
Let’s say we have Routers instead of Switches A and B in the lecture topology and computers are in different vlans. How do you provide routing between them and load balancing with stateful failover?!?

andrew · February 16, 2016, 7:24pm

Hi Ivaylo,
The short answer to your question is that you will need a separate VRRP instance for each vlan that you want to have a highly available gateway.

I have attached a new topology to discuss this. In it, you will see that Computers A and B are in different VLANs (A and B). Switch A and Switch B are both connected to the access-layer Switch C. Note: These connections must be configured as trunks, let’s say the modern 802.1Q standard with both VLAN A and VLAN B allowed. Additionally, it would be a good idea to have Switch A and Switch B directly connected to each other (in the real world this is done with Etherchannel), and that connection must also be a trunk that allows all VLANs between them.

At this point, you are ready to configure Switch A and Switch B. Each will need an SVI (switched virtual interface) for both VLAN A and VLAN B. You would treat these SVIs just like regular interfaces–just think of them as the Switch’s presence in the VLAN in question. Here’s a sample of getting the config going for Switch A:

SwitchA(config)#interface vlan A
SwitchA(config-if)#ip address 192.168.1.252 255.255.255.0
SwitchA(config-if)#vrrp 1 ip 192.168.1.254
SwitchA(config-if)#vrrp 1 priority 105
SwitchA(config-if)#interface vlan B
SwitchA(config-if)#ip address 192.168.2.252 255.255.255.0
SwitchA(config-if)#vrrp 2 ip 192.168.2.254

Now Switch B:

SwitchB(config)#interface vlan A
SwitchB(config-if)#ip address 192.168.1.253 255.255.255.0
SwitchB(config-if)#vrrp 1 ip 192.168.1.254
SwitchB(config-if)#interface vlan B
SwitchB(config-if)#ip address 192.168.2.253 255.255.255.0
SwitchB(config-if)#vrrp 2 ip 192.168.2.254
SwitchB(config-if)#vrrp 2 priority 105

Notice above, that Switch B will have priority for being the virtual gateway of VLAN B, and likewise, Switch A has priority for VLAN A. This way, you can load balance which Switch will handle the traffic on a per-VLAN basis.

andrew · June 22, 2016, 5:22pm

Dinh,
You might have to provide more details, but at first glance, this won’t work well. My suggestion would be, if you are using Cisco Routers or Switches, to use GLBP instead of VRRP since it has the ability to do what you are asking easily. If you insist on using VRRP, you will have a problem with DHCP. From your example, I assume you are trying to balance the gateways on the same subnet. In DHCP (at least the Windows version), although you can define multiple gateways, this won’t result in load-balancing. Instead, the additional gateways will only be used if the primary is unavailable.

Again, it sounds like Gateway Load-Balancing Protocol is what you should use. By the way, there is a lesson on GLBP here.

aniket149 · August 11, 2016, 11:05am

Hi Rene,

I have confusion between interface tracking & object tracking.As you have mentioned VRRP only supports object tracking,does IP SLA mean object tracking?