SUMMARY:
How to configure Virtual Router Redundancy Protocol (VRRP) on J-Series/SRX Devices
PROBLEM OR GOAL:
CAUSE:
SOLUTION:
Configuration
Master Node:
------------------ Configure the Virtual IP address which will be same for both Master/Backup devices.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
virtual-address 1.1.1.1
- Then set the priority of the Master Node which should be greater than the priority of the
Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
priority 200
- Then configure the authentication method if you want to have authentication for VRRP.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
authentication-type md5
- The below accept-data command is used to accept data destined for Virtual IP address.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
accept-data
- The below command is used to subtract from priority when interface is down. For example with
below configuration if fe-0/0/1 goes down then VRRP will failover to Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.2/24 vrrp-group 1
track interface fe-0/0/1 priority-cost 200
Backup Node:
------------------- On the backup Node again configure the common Virtual IP Address.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
virtual-address 1.1.1.1
- The priority of the Backup Node should be less than the the priority of the Master.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
priority 100
- The authentication configured on the Backup Node should match with the authentication of
Master Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
authentication-type md5
- This accept data command is required on Backup Node if you want to accept data for the
Virtual IP on the Backup Node.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
accept-data
- As mentioned above 'track' is used for interface monitoring and subtracts the priority cost for
priority if the interface goes down. Rememeber even after subtraction the priority cannot go in
-ve.
set interfaces fe-0/0/0 unit 0 family inet address 1.1.1.3/24 vrrp-group 1
track interface fe-0/0/1 priority-cost 100
Verification:
Master Node:
-----------------root@Master> show vrrp brief
Interface
State
Group
fe-0/0/0.0
up
1
root@Master> show vrrp track
Track Int
State
Speed
prio
fe-0/0/1.0 up
100m
200
VR state VR Mode
master
Active
Timer
Type
A 0.724 lcl
vip
VRRP Int
VR State
fe-0/0/0.0
Group
1
Address
1.1.1.2
1.1.1.1
Current
master
Backup Node:
------------------root@Backup> show vrrp brief
Interface
State
Group
fe-0/0/0.0
up
1
VR state VR Mode
backup
Active
Timer
Type
D 3.507 lcl
vip
mas
VRRP Int
VR State
fe-0/0/0.0
Group
1
Address
1.1.1.3
1.1.1.1
1.1.1.2
Current
backup
Tracking: enabled
Current priority: 100, Configured priority: 100
Priority hold time: disabled
Interface tracking: enabled, Interface count: 1
Tracked interface: fe-0/0/0.0
Interface state: up Speed: 100m
Incurred priority cost: 0
Threshold
Priority cost
Active
down
100
Route tracking: disabled
Group VRRP PDU statistics
Advertisement sent
:0
Advertisement received
:8890
Group VRRP PDU error statistics
Bad authentication Type received
:0
Bad password received
:0
Bad MD5 digest received
:0
Bad advertisement timer received
:0
Bad VIP count received
:0
Bad VIPADDR received
:0
Group state transition statistics
Idle to master transitions
:0
Idle to backup transitions
:1
Backup to master transitions
:0
Master to backup transitions
:0
Remember VRRP is a Stateless High Availability Protocol for SRX Devices. In
order to have a Stateful High Availability please goto KB21905.
PURPOSE: