Anda di halaman 1dari 5

Virtual Router Redundancy Protocol VRRP Configuration Example

SUMMARY:
How to configure Virtual Router Redundancy Protocol (VRRP) on J-Series/SRX Devices

PROBLEM OR GOAL:
CAUSE:
SOLUTION:
Configuration
Master Node:
------------------ Configure the Virtual IP address which will be same for both Master/Backup devices.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
virtual-address 1.1.1.1

- Then set the priority of the Master Node which should be greater than the priority of the
Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
priority 200

- Then configure the authentication method if you want to have authentication for VRRP.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
authentication-type md5

- Configure the password for authentication on the Master Node.


set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
authentication-key Juniper

- The below accept-data command is used to accept data destined for Virtual IP address.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
accept-data

- The below command is used to subtract from priority when interface is down. For example with
below configuration if fe-0/0/1 goes down then VRRP will failover to Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
track interface fe-0/0/1 priority-cost 200

Backup Node:
------------------- On the backup Node again configure the common Virtual IP Address.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
virtual-address 1.1.1.1

- The priority of the Backup Node should be less than the the priority of the Master.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
priority 100

- The authentication configured on the Backup Node should match with the authentication of
Master Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
authentication-type md5

- The password configure should also be the same.


set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
authentication-key Juniper

- This accept data command is required on Backup Node if you want to accept data for the
Virtual IP on the Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
accept-data

- As mentioned above 'track' is used for interface monitoring and subtracts the priority cost for
priority if the interface goes down. Rememeber even after subtraction the priority cannot go in
-ve.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
track interface fe-0/0/1 priority-cost 100

Verification:
Master Node:
-----------------root@Master> show vrrp brief
Interface
State
Group
fe-0/0/0.0
up
1
root@Master> show vrrp track
Track Int
State
Speed
prio
fe-0/0/1.0 up
100m
200

VR state VR Mode
master
Active

Timer
Type
A 0.724 lcl
vip

VRRP Int

VR State

fe-0/0/0.0

Group
1

Address
1.1.1.2
1.1.1.1
Current

master

root@Master> show vrrp detail


Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.2/24
Index: 75, SNMP ifIndex: 502, VRRP-Traps: disabled
Interface state: up, Group: 1, State: master, VRRP Mode: Active
Priority: 200, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Advertisement Timer: 0.185s, Master router: 1.1.1.2
Virtual router uptime: 20:56:41, Master router uptime: 20:37:55
Virtual Mac: 00:00:5e:00:01:01
Tracking: enabled
Current priority: 200, Configured priority: 200

Priority hold time: disabled


Interface tracking: enabled, Interface count: 1
Interface
Int state
Int speed
Incurred priority cost
fe-0/0/1.0
up
100m
0
Route tracking: disabled
root@Master> show vrrp extensive
Interface: fe-0/0/0.0, Interface index :75, Groups: 1, Active :1
Interface VRRP PDU statistics
Advertisement sent
:84472
Advertisement received
:743
Packets received
:743
No group match received
:0
Interface VRRP PDU error statistics
Invalid IPAH next type received
:0
Invalid VRRP TTL value received
:0
Invalid VRRP version received
:0
Invalid VRRP PDU type received
:0
Invalid VRRP authentication type received:0
Invalid VRRP IP count received
:0
Invalid VRRP checksum received
:0
Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.2/24
Index: 75, SNMP ifIndex: 502, VRRP-Traps: disabled
Interface state: up, Group: 1, State: master, VRRP Mode: Active
Priority: 200, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Advertisement Timer: 0.665s, Master router: 1.1.1.2
Virtual router uptime: 20:56:56, Master router uptime: 20:38:10
Virtual Mac: 00:00:5e:00:01:01
Tracking: enabled
Current priority: 200, Configured priority: 200
Priority hold time: disabled
Interface tracking: enabled, Interface count: 1
Tracked interface: fe-0/0/1.0
Interface state: up Speed: 100m
Incurred priority cost: 0
Threshold
Priority cost
Active
down
200
Route tracking: disabled
Group VRRP PDU statistics
Advertisement sent
:84472
Advertisement received
:743
Group VRRP PDU error statistics
Bad authentication Type received
:0
Bad password received
:0
Bad MD5 digest received
:0
Bad advertisement timer received
:0
Bad VIP count received
:0
Bad VIPADDR received
:0
Group state transition statistics
Idle to master transitions
:0
Idle to backup transitions
:1
Backup to master transitions
:2
Master to backup transitions
:1

Backup Node:
------------------root@Backup> show vrrp brief
Interface
State
Group
fe-0/0/0.0
up
1

root@Backup> show vrrp track


Track Int
State
Speed
prio
fe-0/0/1.0 up
100m
100

VR state VR Mode
backup
Active

Timer
Type
D 3.507 lcl
vip
mas

VRRP Int

VR State

fe-0/0/0.0

Group
1

Address
1.1.1.3
1.1.1.1
1.1.1.2
Current

backup

root@Backup> show vrrp detail


Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.3/24
Index: 72, SNMP ifIndex: 527, VRRP-Traps: disabled
Interface state: up, Group: 1, State: backup, VRRP Mode: Active
Priority: 100, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Dead timer: 2.651s, Master priority: 200, Master router: 1.1.1.2
Virtual router uptime: 02:11:02
Tracking: enabled
Current priority: 100, Configured priority: 100
Priority hold time: disabled
Interface tracking: enabled, Interface count: 1
Interface
Int state
Int speed
Incurred priority cost
fe-0/0/1.0
up
100m
0
Route tracking: disabled
root@Backup> show vrrp extensive
Interface: fe-0/0/0.0, Interface index :72, Groups: 1, Active :1
Interface VRRP PDU statistics
Advertisement sent
:0
Advertisement received
:8890
Packets received
:8890
No group match received
:0
Interface VRRP PDU error statistics
Invalid IPAH next type received
:0
Invalid VRRP TTL value received
:0
Invalid VRRP version received
:0
Invalid VRRP PDU type received
:0
Invalid VRRP authentication type received:0
Invalid VRRP IP count received
:0
Invalid VRRP checksum received
:0
Physical interface: fe-0/0/0, Unit: 0, Address: 1.1.1.3/24
Index: 72, SNMP ifIndex: 527, VRRP-Traps: disabled
Interface state: up, Group: 1, State: backup, VRRP Mode: Active
Priority: 100, Advertisement interval: 1, Authentication type: md5
Delay threshold: 100, Computed send rate: 0
Preempt: yes, Accept-data mode: yes, VIP count: 1, VIP: 1.1.1.1
Dead timer: 3.339s, Master priority: 200, Master router: 1.1.1.2
Virtual router uptime: 02:11:08

Tracking: enabled
Current priority: 100, Configured priority: 100
Priority hold time: disabled
Interface tracking: enabled, Interface count: 1
Tracked interface: fe-0/0/0.0
Interface state: up Speed: 100m
Incurred priority cost: 0
Threshold
Priority cost
Active
down
100
Route tracking: disabled
Group VRRP PDU statistics
Advertisement sent
:0
Advertisement received
:8890
Group VRRP PDU error statistics
Bad authentication Type received
:0
Bad password received
:0
Bad MD5 digest received
:0
Bad advertisement timer received
:0
Bad VIP count received
:0
Bad VIPADDR received
:0
Group state transition statistics
Idle to master transitions
:0
Idle to backup transitions
:1
Backup to master transitions
:0
Master to backup transitions
:0
Remember VRRP is a Stateless High Availability Protocol for SRX Devices. In
order to have a Stateful High Availability please goto KB21905.

PURPOSE:

Anda mungkin juga menyukai