EdgeRouter - Virtual Router Redundancy Protocol (VRRP)


Overview


Readers will learn how to configure VRRP (Virtual Router Redundancy Protocol) on an EdgeRouter.

NOTES & REQUIREMENTS:
Applicable to the latest EdgeOS firmware on all EdgeRouter models. Please see the Related Articles below for more information.
 
Device used in this article:

Table of Contents


  1. Network Diagram
  2. Basic VRRP Configuration
  3. Optional VRRP Additions
  4. Related Articles

Network Diagram


Back to Top

The network topology is shown below and the following interfaces are in use on the EdgeRouters:

ER-1

  • eth0 (WAN) - 203.0.113.1
  • eth1 (LAN) - 10.0.0.1/24

 ER-2

  • eth0 (WAN) - 203.0.113.2
  • eth1 (LAN) - 10.0.0.2/24

topology.png

The VRRP Virtual IP address (VIP) that is shared between the routers is 10.0.0.254/24.


Basic VRRP Configuration


Back to Top

CLI: Access the command line interface on ER-1. You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Define the VRRP group and the virtual IP address.

set interfaces ethernet eth1 vrrp vrrp-group 10 virtual-address 10.0.0.254

3. Set the VRRP priority to ensure that ER-1 becomes the master (active) router.

set interfaces ethernet eth1 vrrp vrrp-group 10 priority 200
NOTE: A higher number equals a higher priority. 

4. Commit the changes and save the configuration.

commit ; save

CLI: Access the command line interface on ER-2. You can do this using the CLI button in the GUI or by using a program such as PuTTY.

1. Enter configuration mode.

configure

2. Define the VRRP group and the virtual IP address.

set interfaces ethernet eth1 vrrp vrrp-group 10 virtual-address 10.0.0.254

3. Set the VRRP priority to ensure that ER-2 becomes the backup (passive) router.

set interfaces ethernet eth1 vrrp vrrp-group 10 priority 100

4. Commit the changes and save the configuration.

commit ; save

 

You can verify the VRRP configuration with the following operational mode commands:

show vrrp
show vrrp summary

Optional VRRP Additions


Back to Top

In addition to setting the priority, VRRP supports the following optional additions:

  • Authentication
  • Preemption (enabled by default)
  • Transition Scripts
  • Sync Groups

The VRRP authentication feature will protect the VRRP hello messages with a plain-text password or AH (Authentication Header) encryption. To enable authentication, run the following commands:

configure
set interfaces ethernet eth1 vrrp vrrp-group 10 authentication type < ah | plaintext-password >
set interfaces ethernet eth1 vrrp vrrp-group 10 authentication password < password >
commit ; save

 

Transition scripts are used to run a script whenever the state of the VRRP router changes. The available state changes are:

  • master Run a script when the EdgeRouter transitions to the VRRP master router.
  • backup Run a script when the EdgeRouter transitions to the VRRP backup router.
  • fault Run a script when the underlying Ethernet interface goes down.

 

To add a custom transition script to VRRP, run the following commands:

configure
set interfaces ethernet eth1 vrrp vrrp-group 10 run-transition-scripts < master | backup | fault > < script-location >
commit ; save

Related Articles


Back to Top

Intro to Networking - How to Establish a Connection Using SSH


We're sorry to hear that!