VRRP Principle

Foreword

⚫ Usually, all hosts in the same network segment set an identical default routing with the gateway as the
next hop. When the gateway fails, all hosts in this network segment with the gateway as the default
routing will not be able to communicate with the external network.
⚫ VRRP, which is Virtual Router Redundancy Protocol, is proposed by the IETF to solve the phenomenon
of a single point of failure in the configuration of a static gateway in a LAN.

Innovation • Simplicity • Experience

 Objective

⚫ After taking this course, you will be able to:

➢ Understand the Working Principle of VRRP

➢ Master VRRP Configuration and Viewing

Innovation • Simplicity • Experience

 Contents

1. VRRP Overview

2. VRRP Working Principle

3. VRRP Related Configuration

Innovation • Simplicity • Experience

 Background

⚫ Usually, all hosts in the same network segment are configured with the same gateway to access the
external network
⚫ When the only gateway device fails, all hosts are unable to communicate with the external network

External
Network

Failure
Layer 3 Gateway
IP: 10.1.1.1

PC1 PC2
Gateway IP: 10.1.1.1 Gateway IP: 10.1.1.1
Local IP: 10.1.1.10 Local IP: 10.1.1.11

Innovation • Simplicity • Experience

 Introduction to VRRP

⚫ We can add gateway devices, configure VRRP protocol, and provide device backup for the default
gateway to improve the reliability of the gateway
⚫ VRRP (Virtual Router Redundancy Protocol) forms a backup group of routers (or Layer 3 switches) to
form a virtual router with a virtual IP address, and assumes the gateway function
⚫ The virtual router will work as long as there is still a router working in the backup group
SWA

Virtual Gateway

External
Network

SWB

VRRP GROUP

Innovation • Simplicity • Experience

 Contents

1. VRRP Overview

2. VRRP Working Principle

3. VRRP Related Configuration

Innovation • Simplicity • Experience

 VRRP Concepts

⚫ The Master router is in VRRP backup group 1, VRRP priority 110, virtual IP address 192.168.10.254, and
default VRRP in preemption mode.

External
Network

SWA
SWB
Group1: Master
Group1: Backup
Group1
SVI 10: 192.168.10.252 Virtual Address: 192.168.10.254
SVI 10: 192.168.10.253
VRID: 1 VRID: 1
Priority: 110 Priority: 100
Virtual IP: 192.168.10.254 Virtual IP: 192.168.10.254

IP: 192.168.10.2 IP: 192.168.10.3 IP: 192.168.10.4

Gateway: 192.168.10.254 Gateway: 192.168.10.254 Gateway: 192.168.10.254
VLAN10 VLAN10 VLAN10

Innovation • Simplicity • Experience

 VRRP Related Concepts

⚫ VRRP Backup Group:

➢ A group of routers running VRRP protocol divided together, called a backup group, is functionally equivalent to a virtual router
➢ The backup group is interface-based, and the interfaces in the backup group must belong to the same broadcast domain

⚫ Virtual Router ID (VRID).

➢ Range 1-255, user-configurable to distinguish between different backup groups
➢ A group of VRRP routers with the same VRID forms a VRRP backup group

⚫ Virtual IP address, MAC address.

➢ It is used to mark the IP and MAC address of the virtual router, and the virtual IP address is actually the user's default gateway
➢ The virtual router responds to the ARP request with the virtual MAC address 00-00-5E-00-01 -{VRID} instead of the real MAC
address of the interface

⚫ MASTER router, BACKUP router.

➢ The MASTER router is the router that actually forwards the packets in the VRRP group
➢ A BACKUP router is a router in a listening state in a VRRP group
➢ Once the MASTER router fails, the BACKUP router takes over and works

Innovation • Simplicity • Experience

 VRRP Related Concepts

⚫ Priority:
➢ The router with the highest priority in the backup group will become the Master router (priority takes the value range 0-255)
➢ When the priority is the same, compare the primary IP address of the interface, the larger the address, the higher the priority
➢ Priority default value 100 with assignable range 1-254
➢ Note: If the virtual IP address of the VRRP group is the same as the IP on the interface it is on, then the device is considered to be
the IP address owner, with priority 255, and is automatically in the Master state.

⚫ Preemption Mode:
➢ If preemption mode is turned off, the high priority backup router will not actively become the active router, even if the active router
has a lower priority, and the backup router will become the primary router only when the active router fails.
➢ Preemption mode is mainly applied to ensure that high priority routers become active as soon as they are connected to the network
➢ By default, the preemption mode is turned on

Innovation • Simplicity • Experience

 VRRP Working Principle

Two physical Router discover each other using vrrp packet

Virtual Router 10.1.1.1 Virtual router generation via VRRP 10.1.1.1

Master Backup
backup Master
Compare priorities and IP
10.1.1.2 hello 10.1.1.3
hello
One becomes the master router, and the other becomes the backup

User gateway points to virtual router

Switching occurs automatically after a failure of the primary router

Innovation • Simplicity • Experience

 VRRP Packets

⚫ VRRP messages are multicast messages that are sent by the MASTER router at regular intervals to
announce its presence
⚫ Using VRRP messages to detect various parameters of virtual routers for MASTER router elections
⚫ VRRP packets are carried on top of IP packets, using protocol number 112
⚫ The IP multicast address used for VRRP packets is 224.0.0.18

F0/0 F0/0

Passing in the same broadcast domain

VRRP Multicast Messages

Innovation • Simplicity • Experience

 Three states

⚫ Initialize: the router enters this state when it is just starting up, and enters other states after exchanging data through
VRRP messages
⚫ Master: A state of the current forwarded packets as determined by the routers in the VRRP group after exchanging
VRRP packets
⚫ Backup: A state in which the routers in a VRRP group are listening after exchanging VRRP messages

Initialize

Receiving higher priority vrrp packets

Master Backup
Within the specified timeout period
No hello message received from master
Innovation • Simplicity • Experience
 VRRP Interface Tracking

⚫ Monitor the specified interface and dynamically adjust the priority of this router based on the status of the monitored
interface
⚫ When the uplink is unavailable, the router VRRP priority will be reduced, the router will no longer be the Master, and
the backup router will become the new Master

1、When the uplink fails

Lower the priority of VRRP below 100
3、Become the new Master Router

Master Backup
Priority 150 Priority 100

2. On this network, re-elect the Master

Intranet

Innovation • Simplicity • Experience

 Contents

1. VRRP Overview

2. VRRP Working Principle

3. VRRP Related Configuration

Innovation • Simplicity • Experience

 Configuring VRRP -- VRRP Groups and Virtual IPs

⚫ Create VRRP groups and configure virtual IP addresses

➢ Interface mode: vrrp [group-number] ip [ipaddress]
➢ Note: If the configured VRRP group address is equal to the actual address of the interface, then the router will have the highest
priority and become the Master

⚫ Example: Deploy VRRP on the aggregation switch so that the primary gateway for VLAN 10 is SWA and the backup
gateway is SWB
Configuring VRRP Groups on SWA
SWA SWA(config)#interface vlan 10
F1/1 Master
10.1.1.2/24 SWA(config-if-vlan10)#ip address 10.1.1.2 255.255.255.0
SWA(config-if-vlan10)#vrrp 10 ip 10.1.1.1

VRRP GROUP 10
Vitrual IP: 10.1.1.1 Extr
anet
PC
Configuring VRRP Groups on SWB
IP: 10.1.1.12 SWB
Gateway: 10.1.1.1 F1/2 Backup SWB(config)#interface vlan 10
10.1.1.3/24
SWB(config-if-vlan10)#ip address 10.1.1.3 255.255.255.0
SWB(config-if-vlan10)#vrrp 10 ip 10.1.1.1

Innovation • Simplicity • Experience

 Configuring VRRP -- VRRP Group Priority

⚫ Setting VRRP Group Priority

➢ Enter interface mode: vrrp [group-number] priority [level]
➢ The range of priority is 1-254, and the default priority is 100

⚫ Example: Deploying VRRP on an aggregation switch and set the priority so that the primary gateway for VLAN 10 is
SWA and the backup gateway is SWB
Configuring VRRP Groups on SWA
SWA(config)#interface vlan 10
SWA SWA(config-if-vlan10)#ip address 10.1.1.2 255.255.255.0
F1/1 Master
10.1.1.2/24 SWA(config-if-vlan10)#vrrp 10 ip 10.1.1.1
Configuring the interface priority on SWA to control the election of

VRRP GROUP 10 Master

Vitrual IP: 10.1.1.1 Extr SWA(config-if-vlan10)# vrrp 10 priority 105
anet
PC
IP: 10.1.1.12 SWB Configuring VRRP Groups on SWB
Gateway: 10.1.1.1 F1/2 Backup
10.1.1.3/24 SWB(config)#interface vlan 10
SWB(config-if-vlan10)#ip address 10.1.1.3 255.255.255.0
SWB(config-if-vlan10)#vrrp 10 ip 10.1.1.1

Innovation • Simplicity • Experience

 Configuring VRRP -- Monitoring the Interface

⚫ Set the interface for VRRP backup group monitoring

➢ Interface-Mode: vrrp group track interface-type number [interface –priority]
➢ Can use this command to monitor the egress link, the monitored interface is only allowed to be a Layer 3 routable logical interface
(such as Routed Port, SVI, Loopback, Tunnel, etc.) Configuring VRRP Groups on SWA
SWA(config)#interface vlan 10
SWA(config-if-vlan10)#ip address 10.1.1.2 255.255.255.0
SWA(config-if-vlan10)#vrrp 10 ip 10.1.1.1
SWA Configuring the interface priority on SWA to control the election of Master
F1/1 Master
10.1.1.2/24 SWA(config-if-vlan10)# vrrp 10 priority 105
Configure monitoring interface on SWA, when interface down is detected, the
priority value is reduced by 10 to 95
VRRP GROUP 10
Vitrual IP: 10.1.1.1 Extr SWA(config-if-vlan10)# vrrp 10 track fastethernet 1/0 10
anet
PC
IP: 10.1.1.12 SWB
Gateway: 10.1.1.1 F1/2 Backup
10.1.1.3/24 Configuring VRRP Groups on SWB
SWB(config)#interface vlan 10
SWB(config-if-vlan10)#ip address 10.1.1.3 255.255.255.0
SWB(config-if-vlan10)#vrrp 10 ip 10.1.1.1

Innovation • Simplicity • Experience

 VRRP Command Viewing

⚫ Use the command to view the VRRP group status

➢ show vrrp brief

If it is the same as the

Priority interface IP Current status Virtual IP address

SW1#sh vrrp brief

Interface Grp Pri timer Own Pre State Master addr Group addr
VLAN 10 10 100 3 - P Master 10.1.1.2 10.1.1.1

Interface VRRP Group Switching timeout Preemption Real IP of the

name Number time method main device

Innovation • Simplicity • Experience

 VRRP Load Balancing

⚫ VRRP can be configured based on link conditions when link load balancing is required in the network
⚫ As shown in the figure below: External
Network

SWA Group1 SWB

Group1: Master Virtual Address: 192.168.10.1 Group1: Backup
Group2: Backup Group2: Master
Group2
Virtual Address: 192.168.20.2
SVI 10: 192.168.10.1 SVI 10: 192.168.10.2
SVI 20: 192.168.20.1 SVI 20: 192.168.20.2

IP: 192.168.10.3 IP: 192.168.20.3

Gateway: 192.168.10.1 Gateway: 192.168.20.2
VLAN10 VLAN20
Innovation • Simplicity • Experience
 Practice Questions

1. Which of the following is NOT the correct priority ? （ ）

A. 1
B. 254
D
C. 255
D. 256
2. What is the default value for the priority of a router in a VRRP default group? （ ）
A. 1
B. 50
C. 100 C
D. 255

Innovation • Simplicity • Experience

 Summary

⚫ VRRP Function: A group of routers (or Layer 3 switches) is formed into a backup group to generate a
virtual router that uses a virtual IP address to provide default gateway services for hosts.
⚫ VRRP Concepts: VRRP backup group, virtual router ID, virtual IP address, virtual MAC address,
MASTER router, BACKUP router.
⚫ VRRP Preemption: The router with the highest priority is the primary router, and if preemption is enabled
then when the failure is recovered, the high priority router will be actively called the active router.
⚫ VRRP Configuration Process: create VRRP group and configure virtual IP address - set VRRP Group
priority - set the interface to be monitored by VRRP backup group.

Innovation • Simplicity • Experience

 Ruijie Technical Support Portal:
https://www.ruijienetworks.com/support

Online Technical Support (Rita):

Ruijie Online https://www.ruijienetworks.com/rita

Service Channel Community:

https://community.ruijienetworks.com

Facebook (Ruijie Tech Support):

https://www.facebook.com/ruijietac

YouTube (Ruijie Technical Support):

https://www.youtube.com/c/RuijieTechnicalSupport
THANKS