Switching - VRRP Lab Guide
VRRP Lab Guide
A VRRP (Virtual Router Redundancy Protocol) lab guide is a technical document or resource that provides step-by-step instructions for setting up and configuring a VRRP lab environment. VRRP is a network protocol used for providing high availability by allowing multiple routers to work together in a virtual router group, with one router designated as the master and the others as backups. The lab guide typically covers the creation of a VRRP topology, configuration of VRRP parameters such as virtual IP addresses and priority settings, and the verification of failover scenarios to ensure seamless transition between the master and backup routers. It may also include troubleshooting steps and best practices for implementing VRRP in different network scenarios. Lab guides serve as invaluable resources for networking professionals, students, or anyone looking to gain hands-on experience with VRRP and understand its role in enhancing network reliability.
Lab:
VRRP Topology
Task 1: Configure VRRP
Step 1: In the configuration mode configure the router with following initial configuration
R1:
hostname EDGE_1
ip route 0.0.0.0 0.0.0.0 101.0.0.2
interface e0/0
ip add 10.0.0.251 255.255.255.0
no shutdown
ip nat inside
interface e0/1
ip add 101.0.0.1 255.255.255.0
no shutdown
ip nat outside
ip nat inside source list 1 interface e0/1 overload
access-list 1 permit any
exit
R2:
hostname EDGE_2
ip route 0.0.0.0 0.0.0.0 102.0.0.2
interface e0/0
ip add 10.0.0.252 255.255.255.0
ip nat inside
no shutdown
interface e0/1
ip add 102.0.0.1 255.255.255.0
ip nat outside
no shutdown
ip nat inside source list 1 interface e0/1 overload
access-list 1 permit any
exit
R4:
hostname INTERNET
interface e0/1
ip add 101.0.0.2 255.255.255.0
no shutdown
interface e0/2
ip add 102.0.0.2 255.255.255.0
no shutdown
interface loopback 0
ip add 200.0.0.1 255.255.255.255
exit
R5:
hostname HOST1
interface ethernet 0/0
ip add 10.0.0.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.254
exit
SW9:
hostname ACCESS_SWITCH
no ip domain-lookup
interface range ethernet0/0-3, ethernet1/0-3
switchport mode access
switchport access vlan 10
exit
Step 2: Use following command to configure Basic VRRP on R1, R2, R3
interface Ethernet0/0
vrrp 10 ip 10.0.0.254
vrrp 10 priority 200
exit
priority 200 is used to make R1 become VRRP Master
R2:
interface Ethernet0/0
vrrp 10 ip 10.0.0.254
exit
R3:
interface Ethernet0/0
vrrp 10 ip 10.0.0.254
exit
Task 2: Verification
Step 1: Verify Master and Backup State in VRRP using show VRRP command
R2:
EDGE_1#show vrrp
Ethernet0/0 - Group 10
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 200
Master Router is 10.0.0.251 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec
EDGE_2#show vrrp
Ethernet0/0 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.0.251, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.946 sec)
EDGE_3#show vrrp
Ethernet0/0 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.0.251, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.107 sec)
Note: Preemption is enabled in VRRP by Default
Step 2: Verify VRRP Status using show VRRP brief command
EDGE_1#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Et0/0 10 200 3218 Y Master 10.0.0.251 10.0.0.254
EDGE_2#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Et0/0 10 100 3609 Y Backup 10.0.0.251 10.0.0.254
EDGE_3#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Et0/0 10 100 3609 Y Backup 10.0.0.251 10.0.0.254
Step 3: Use debug VRRP command to monitor group messages for troubleshooting purposes.
R1:
EDGE_1#debug vrrp
VRRP debugging is on
EDGE_1#
*Jun 16 10:46:56.373: VRRP: Grp 10 sending Advertisement checksum BF5
*Jun 16 10:46:57.190: VRRP: Grp 10 sending Advertisement checksum BF5
EDGE_1#
*Jun 16 10:46:58.014: VRRP: Grp 10 sending Advertisement checksum BF5
*Jun 16 10:46:58.914: VRRP: Grp 10 sending Advertisement checksum BF5
Task 3: Understanding VRRP Failover
Step 1: Shutdown the Master router to initiate failover
R1:
interface e0/0
shutdown
Following messages will be seen on master and backup routers.
EDGE_1#
*Jun 16 10:57:17.344: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Master -> Init
EDGE_3#
*Jun 16 10:57:17.954: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Backup -> Master
Step 2: Verify VRRP Failover and check if EDGE_3 router has become master
EDGE_3#show vrrp
Ethernet0/0 - Group 10
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.0.253 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
Step 3: Reinstate R1 routers state as Master. Use no shutdown on R1 router
R1:
interface e0/0
no shutdown
Following messages will be seen on master and backup routers
EDGE_1#
*Jun 16 11:01:53.973: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Backup -> Master
Step 4: Verify and check if EDGE_1 router has re-instated its state and has become master
EDGE_1#show vrrp
Ethernet0/0 - Group 10
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 200
Master Router is 10.0.0.251 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec
Task 4: Verify VRRP Failover using VRRP Tracking
Configure the Topology Such That If EDGE_1's WAN Interface were to go down, EDGE_2 should become Master.
If Both EDGE_1 and EDGE_2 WAN Interface is down, EDGE_3 should become Master
Step 1: Configure VRRP Track
R1:
interface ethernet 0/0
vrrp 10 track 1 decrement 101
track 1 interface ethernet 0/1 line-protocol
exit
R2:
interface ethernet 0/0
vrrp 10 priority 150
vrrp 10 track 1 decrement 51
track 1 interface ethernet 0/1 line-protocol
exit
Step 2: Verify VRRP Tracking by shutting down EDGE_1 WAN Interface
R1:
EDGE_1#debug vrrp
VRRP Events debugging is on
EDGE_1#conf t
EDGE_1(config)#int e0/1
EDGE_1(config-if)#shut
*Jun 16 11:46:05.472: %TRACKING-5-STATE: 1 interface Et0/1 line-protocol Up->Down
EDGE_1(config-if)#
*Jun 16 11:46:07.473: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to
administratively down
*Jun 16 11:46:08.477: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0/1, changed state to down
EDGE_1(config-if)#
*Jun 16 11:46:08.680: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Master -> Backup
EDGE_2#debug vrrp
VRRP Events debugging is on
*Jun 16 11:46:08.677: VRRP: Grp 10 Event - Master down timer expired
*Jun 16 11:46:08.677: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Backup -> Master
Step 3: Verify that by shutting down EDGE_1 WAN Interface the priority is decremented and Edge_2 has become master
EDGE_1#show vrrp
Ethernet0/0 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 99 (cfgd 200)
Track object 1 state Down decrement 101
Authentication MD5, key-chain "RST"
Master Router is 10.0.0.253, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec (expires in 2.864 sec)
EDGE_1's WAN Interface goes down, EDGE_2 becomes Master
Step 4: Verify VRRP Tracking by shutting down EDGE_2 WAN Interface
EDGE_2#debug vrrp
VRRP Events debugging is on
EDGE_2(config)#interface ethernet 0/1
EDGE_2(config-if)#shut
*Jun 16 11:49:04.849: %TRACKING-5-STATE: 1 interface Et0/1 line-protocol Up->Down
*Jun 16 11:49:06.855: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to
administratively down
*Jun 16 11:49:07.856: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0/1, changed state to down
*Jun 16 11:49:08.299: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Master -> Backup
EDGE_3#
*Jun 16 11:49:08.297: VRRP: Grp 10 Event - Master down timer expired
*Jun 16 11:49:08.297: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Backup -> Master
EDGE_2#sh vrrp
Ethernet0/0 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 99 (cfgd 150)
Track object 1 state Down decrement 51
Authentication MD5, key-chain "RST"
Master Router is 10.0.0.253, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec (expires in 2.543 sec)
EDGE_3#show vrrp
Ethernet0/0 - Group 10
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "RST"
Master Router is 10.0.0.253 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
Both EDGE_1 and EDGE_2 WAN Interface is down, EDGE_3 becomes Master
EDGE_1#conf t
EDGE_1(config)#interface e0/1
EDGE_1(config-if)#no shut
*Jun 16 11:56:12.467: %TRACKING-5-STATE: 1 interface Et0/1 line-protocol Down->Up
*Jun 16 11:56:14.468: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
*Jun 16 11:56:15.103: VRRP: Grp 10 Event - Master down timer expired
*Jun 16 11:56:15.103: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Backup -> Master
*Jun 16 11:56:15.468: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet0/1, changed state to up
EDGE_2(config-if)#
*Jun 16 11:56:15.105: %VRRP-6-STATECHANGE: Et0/0 Grp 10 state Master -> Backup
Task 5: Verify VRRP Authentication
Step 1: Configure VRRP Authentication
R1:
interface e0/0
vrrp 10 authentication md5 key-chain RST
key chain RST
key 1
key-string cisco
exit
Configure EDGE_2 to match authentication configured previously on EDGE_1
R2:
interface e0/0
vrrp 10 authentication md5 key-chain RST
key chain RST
key 1
key-string cisco
exit
Configure EDGE_3 to match authentication configured previously on EDGE_1
R3:
interface e0/0
vrrp 10 authentication md5 key-chain RST
key chain RST
key 1
key-string cisco
exit
Step 2: Verify VRRP Authentication
EDGE_1#sh vrrp
Ethernet0/0 - Group 10
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 200
Authentication MD5, key-chain "RST"
Master Router is 10.0.0.251 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec
EDGE_2#sh vrrp
Ethernet0/0 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "RST"
Master Router is 10.0.0.251, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.299 sec)
EDGE_3#sh vrrp
Ethernet0/0 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "RST"
Master Router is 10.0.0.251, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.462 sec)
If there is an Authentication failure, that all routers with failed authentication will
transition to Master state
Task 6: Configure MVRRP (Multigroup Virtual Router Redundancy Protocol)
Configure EDGE_1 and EDGE_2 such that
EDGE_1 --> MASTER FOR VLAN 10 / STANDBY FOR VLAN 20
EDGE_2 --> MASTER FOR VLAN 20 / STANDBY FOR VLAN 10
EDGE_3 --> SHOULD TAKE OVER IF ALL OTHER ROUTERS FAIL OR WAN LINK IS DOWN.
HOST 1 ---> VLAN 10 ---> 10.0.0.1/24 ---> DFG: 10.0.0.254
HOST 2 ---> VLAN 10 ---> 10.0.0.2/24 ---> DFG: 10.0.0.254
HOST 3 ---> VLAN 20 ---> 20.0.0.1/24 ---> DFG: 20.0.0.254
HOST 4 ---> VLAN 20 ---> 20.0.0.2/24 ---> DFG: 20.0.0.
EDGE_1 --> E0/0.10 --> VLAN 10 --> IP 10.0.0.251/24 --> STNDBY IP 10.0.0.254 -->PRI=200
EDGE_1 --> E0/0.20 --> VLAN 20 --> IP 20.0.0.251/24 --> STNDBY IP 20.0.0.254 -->PRI=150
EDGE_2 --> E0/0.10 --> VLAN 10 --> IP 10.0.0.252/24 --> STNDBY IP 10.0.0.254 -->PRI=200
EDGE_2 --> E0/0.20 --> VLAN 20 --> IP 20.0.0.252/24 --> STNDBY IP 10.0.0.254 -->PRI=150
EDGE_3 --> E0/0.10 --> VLAN 10 --> IP 10.0.0.253/24 --> STNDBY IP 10.0.0.254 -->PRI=100
EDGE_3 --> E0/0.20 --> VLAN 20 --> IP 20.0.0.253/24 --> STNDBY IP 10.0.0.254 -->PRI=100
EDGE_1 ---> TRACK E0/1 --> DECREMENT 101
EDGE_2 ---> TRACK E0/1 --> DECREMENT 51
EDGE_3 ---> NO TRACK
Step 1: Configure Initial Configuration
R1:
hostname EDGE_1
ip route 0.0.0.0 0.0.0.0 101.0.0.2
interface e0/0
no shutdown
interface ethernet 0/0.10
encapsulation dot1q 10
ip add 10.0.0.251 255.255.255.0
ip nat inside
interface ethernet 0/0.20
encapsulation dot1q 20
ip add 20.0.0.251 255.255.255.0
ip nat inside
interface ethernet 0/1
ip add 101.0.0.1 255.255.255.0
no shutdown
ip nat outside
ip nat inside source list 1 interface e0/0 overload
access-list 1 permit any
exit
R2:
hostname EDGE_2
ip route 0.0.0.0 0.0.0.0 102.0.0.2
interface e0/0
no shutdown
interface e0/0.10
encapsulation dot1q 10
ip add 10.0.0.252 255.255.255.0
ip nat inside
interface e0/0.20
encapsulation dot1q 20
ip add 20.0.0.252 255.255.255.0
ip nat inside
interface e0/1
ip add 102.0.0.1 255.255.255.0
no shutdown
ip nat outside
ip nat inside source list 1 interface e0/0 overload
exit
R3:
hostname EDGE_3
ip route 0.0.0.0 0.0.0.0 103.0.0.2
interface e0/0
no shutdown
interface e0/0.10
encapsulation dot1q 10
ip add 10.0.0.253 255.255.255.0
ip nat inside
interface e0/0.20
encapsulation dot1q 20
ip add 20.0.0.253 255.255.255.0
ip nat inside
interface e0/1
ip add 103.0.0.1 255.255.255.0
no shutdown
ip nat outside
ip nat inside source list 1 interface e0/0 overload
exit
R4:
hostname OUTSIDE
interface e0/1
ip add 101.0.0.2 255.255.255.0
no shutdown
interface e0/2
ip add 102.0.0.2 255.255.255.0
no shutdown
interface e0/3
ip add 103.0.0.2 255.255.255.0
no shutdown
interface loopback 0
ip add 200.0.0.1 255.255.255.255
exit
R5:
hostname HOST1
no ip domain-lookup
interface ethernet 0/0
ip add 10.0.0.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.254
exit
R6:
hostname HOST2
no ip domain-lookup
interface ethernet 0/0
ip add 10.0.0.2 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.0.254
exit
R7:
hostname HOST3
no ip domain-lookup
interface ethernet 0/0
ip add 20.0.0.1 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 20.0.0.254
exit
R8:
hostname HOST4
no ip domain-lookup
interface ethernet 0/0
ip add 20.0.0.2 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 20.0.0.254
exit
SW9:
hostname ACCESS_SWITCH
no ip domain-lookup
interface range ethernet1/0-1
switchport mode access
switchport access vlan 10
interface range ethernet1/2-3
switchport mode access
switchport access vlan 20
interface range e0/0-3
switchport trunk encap dot1q
switchport mode trunk
exit
Step 2: Configure Basic MVRRP
R1:
interface e0/0.10
vrrp 10 ip 10.0.0.254
vrrp 10 priority 200
vrrp 10 track 1 decrement 101
interface e0/0.20
vrrp 20 ip 20.0.0.254
vrrp 20 track 1 decrement 51
track 1 interface ethernet 0/1 line-protocol
exit
R2:
interface e0/0.10
vrrp 10 ip 10.0.0.254
vrrp 10 track 1 decrement 51
interface e0/0.20
vrrp 20 ip 20.0.0.254
vrrp 20 priority 200
vrrp 20 track 1 decrement 101
track 1 interface ethernet 0/1 line-protocol
exit
R3:
interface e0/0.10
vrrp 10 ip 10.0.0.254
interface e0/0.20
vrrp 20 ip 20.0.0.254
exit
Task 2: Verification
Step 1: Verify MVRRP
EDGE_1#sh vrrp
Ethernet0/0.10 - Group 10
State is Master
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 200
Track object 1 state Up decrement 101
Master Router is 10.0.0.251 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec
Ethernet0/0.20 - Group 20
State is Backup
Virtual IP address is 20.0.0.254
Virtual MAC address is 0000.5e00.0114
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Track object 1 state Up decrement 51
Master Router is 20.0.0.252, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.333 sec)
EDGE_2#sh vrrp
Ethernet0/0.10 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Track object 1 state Up decrement 51
Master Router is 10.0.0.251, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.813 sec)
Ethernet0/0.20 - Group 20
State is Master
Virtual IP address is 20.0.0.254
Virtual MAC address is 0000.5e00.0114
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 200
Track object 1 state Up decrement 101
Master Router is 20.0.0.252 (local), priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.218 sec
EDGE_3#show vrrp
Ethernet0/0.10 - Group 10
State is Backup
Virtual IP address is 10.0.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.0.0.251, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.508 sec)
Ethernet0/0.20 - Group 20
State is Backup
Virtual IP address is 20.0.0.254
Virtual MAC address is 0000.5e00.0114
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 20.0.0.252, priority is 200
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.030 sec)