Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring Basic VRRP Support

    Note: Starting in Junos OS Release 13.2, VRRP nonstop active routing (NSR) is enabled only when you configure the nonstop-routing statement at the [edit routing-options] or [edit logical system logical-system-name routing-options] hierarchy level.

    The Virtual Router Redundancy Protocol (VRRP) groups multiple routing devices into a virtual router. At any time, one of the VRRP routing platforms is the master (active) and the others are backups. If the master fails, one of the backup routing platforms becomes the new master router.

    You configure VRRP by configuring a VRRP group.

    To configure basic VRRP support, you configure VRRP groups on interfaces. An interface can be a member of one or more VRRP groups. Within a VRRP group, the master virtual router and the backup virtual router must be configured on different routing platforms.

    Mandatory parameters to configure a VRRP group are as follows (examples will follow):

    1. Configure the group identifier (mandatory).
    2. Configure the group:
      • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group (mandatory).
      • Configure the virtual link-local address (VRRP for IPv6 only). The virtual link-local address is autogenerated when you enable VRRPv3 on the interface. You may explicitly define a virtual link-local address for each VRRP for the IPv6 group. The virtual link-local address must be on the same subnet as the physical interface address.
      • Configure the priority for the routing platform to become the master virtual router (mandatory).

    When configuring a virtual IP address, consider the following:

    • The virtual IP address must be the same for all routing platforms in the VRRP group.
    • If you configure a virtual IP address to be the same as the physical interface’s address, the interface becomes the master virtual router for the group. In this case, you must configure the priority to be 255, and you must configure preemption by including the preempt statement.
    • If the virtual IP address you choose is not the same as the physical interface’s address, you must ensure that the virtual IP address does not appear anywhere else in the routing platform’s configuration. Verify that you do not use this address for other interfaces, for the IP address of a tunnel, or for the IP address of static ARP entries.
    • You cannot configure a virtual IP address to be the same as the interface’s address for an aggregated Ethernet interface. This configuration is not supported.
    • For VRRP for IPv6, the EUI-64 option cannot be used. In addition, the Duplicate Address Detection (DAD) process will not run for virtual IPv6 addresses.
    • You cannot configure the same virtual IP address on interfaces that belong to the same logical system and routing instance combination. However, you can configure the same virtual IP address on interfaces that belong to different logical systems and routing instance combinations.

    In determining what priority will make a given routing platform in a VRRP group a master or backup, consider the following:

    • You can force assignment of master and backup routers using priorities from 1 through 255, where 255 is the highest priority.
    • The priority value for the VRRP router that owns the IP address(es) associated with the virtual router must be 255.
    • VRRP routers backing up a virtual router must use priority values from 1 through 254.
    • The default priority value for VRRP routers backing up a virtual router is 100.
    • Are there tracked interfaces or routes with priority costs?

      The priority cost is the value associated with a tracked logical interface or route that is to be subtracted from the configured VRRP priority when the tracked logical interface or route goes down, forcing a new master router election. The value of a priority cost can be from 1 through 254. The sum of the priority costs for all tracked logical interfaces or routes must be less than or equal to the configured priority of the VRRP group.

    Note: Mixed tagging (configuring two logical interfaces on the same Ethernet port, one with single-tag framing and one with dual-tag framing) is supported only for interfaces on Gigabit Ethernet IQ2 and IQ PICs. If you include the flexible-vlan-tagging statement at the [edit interfaces interface-name] hierarchy level for a VRRP-enabled interface on a PIC that does not support mixed tagging, VRRP on that interface is disabled. In the output of the show vrrp summary operational command, the interface status is listed as Down.

    Note: If you enable MAC source address filtering on an interface, you must include the virtual MAC address in the list of source MAC addresses that you specify in the source-address-filter statement at the [edit interfaces interface-name] hierarchy level. (For more information, see the Junos OS Network Interfaces Library for Routing Devices.) MAC addresses ranging from 00:00:5e:00:01:00 through 00:00:5e:00:01:ff are reserved for VRRP, as defined in RFC 2378. The VRRP group number must be the decimal equivalent of the last hexadecimal byte of the virtual MAC address.

    Here are specific examples of configuring a VRRP group.

    Configuring for VRRP IPv4 Groups

    To configure basic VRRP (IPv4) groups on interfaces:

    Note: You can also configure a VRRP IPv4 group at the [edit logical-systems logical-system-name] hierarchy level.

    1. Configure the group identifier.
      [edit interfaces interface-name unit logical-unit-number family inet address address]user@device# set vrrp-group group-id

      Assign a value from 0 through 255.

    2. Configure the VRRP for IPv4 group:
      • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group.
        [edit interfaces interface-name unit logical-unit-number family inet address address]user@device# set vrrp-group group-id virtual-address [ addresses ]

        Normally, you configure only one virtual IP address per group. However, you can configure up to eight addresses. Do not include a prefix length in a virtual IP address.

      • Configure the priority for this routing platform to become the master virtual router.
        [edit interfaces interface-name unit logical-unit-number family inet address address]user@device# set vrrp-group group-id priority number

        Configure the value used to elect the master virtual router in the VRRP group. It can be a number from 1 through 255. The default value for backup routers is 100. A larger value indicates a higher priority. The routing platform with the highest priority within the group becomes the master router. If there are two or more backup routers with the same priority, the router that has the highest primary address becomes the master.

    Configuring VRRP for IPv6 Groups

    To configure basic VRRP for IPv6 groups on interfaces:

    Note: You can also configure a VRRP IPv6 group at the [edit logical-systems logical-system-name] hierarchy level.

    1. Configure the group identifier.
      [edit interfaces interface-name unit logical-unit-number family inet6 address ipv6-address]user@device# set vrrp-inet6-group group-id

      Assign a value from 0 through 255.

    2. Configure the VRRP for IPv6 group:

      • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group.
        [edit interfaces interface-name unit logical-unit-number family inet6 address ipv6-address]user@device# set vrrp-inet6-group group-id virtual-inet6-address [ ipv6-addresses ]

        Normally, you configure only one virtual IP address per group. However, you can configure up to eight addresses. Do not include a prefix length in a virtual IP address.

      • Configure the virtual link-local address.
        [edit interfaces interface-name unit logical-unit-number family inet6 address ipv6-address]user@device# set vrrp-inet6-group group-id virtual-link-local-address ipv6-address

        You must explicitly define a virtual link-local address for each VRRP for IPv6 group. Otherwise, when you attempt to commit the configuration, the commit request fails. The virtual link-local address must be on the same subnet as the physical interface address.

      • Configure the priority for this routing platform to become the master virtual router.
        [edit interfaces interface-name unit logical-unit-number family inet6 address ipv6-address]user@device# set vrrp-inet6-group group-id priority number

        Configure the value used to elect the master virtual router in the VRRP group. It can be a number from 1 through 255. The default value for backup routers is 100. A larger value indicates a higher priority. The routing platform with the highest priority within the group becomes the master router. If there are two or more backup routers with the same priority, the router that has the highest primary address becomes the master.

    Release History Table

    Release
    Description
    Starting in Junos OS Release 13.2, VRRP nonstop active routing (NSR) is enabled only when you configure the nonstop-routing statement at the [edit routing-options] or [edit logical system logical-system-name routing-options] hierarchy level.

    Modified: 2016-05-23