Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Basic VRRP Support

 
Note

Starting in Junos OS Release 13.2, VRRP nonstop active routing (NSR) is enabled only when you configure the nonstop-routing statement at the [edit routing-options] or [edit logical system logical-system-name routing-options] hierarchy level.

The Virtual Router Redundancy Protocol (VRRP) groups multiple routing devices into a virtual router. At any time, one of the VRRP routing platforms is the master (active) and the others are backups. If the master fails, one of the backup routing platforms becomes the new master router.

To configure basic VRRP support, configure VRRP groups on interfaces by including the vrrp-group statement:

An interface can be a member of multiple VRRP groups. Within a VRRP group, the master virtual router and the backup virtual router must be configured on different routing platforms.

You can include this statement at the following hierarchy level:

  • [edit interfaces interface-name unit logical-unit-number family inet address address]

Mandatory parameters to configure a VRRP group are as follows (examples will follow):

  1. Configure the group identifier (mandatory).

  2. Configure the group:

    • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group (mandatory).

    • Configure the virtual link-local address (VRRP for IPv6 only). The virtual link-local address is autogenerated when you enable VRRPv3 on the interface. You may explicitly define a virtual link-local address for each VRRP for the IPv6 group. The virtual link-local address must be on the same subnet as the physical interface address.

    • Configure the priority for the routing platform to become the master virtual router (mandatory).

When choosing a VRRP group identifier, consider the following:

  • In Junos OS releases prior to 17.3R1, you should not use the same VRRP group identifier on more than one subinterface on a given physical interface. This causes the VRRP virtual MAC address to be deleted from the packet forwarding engine, resulting in packet drops due to unknown MAC address. If your VRRP configuration needs to scale beyond 255 groups, consider configuring VRRP over an integrated routing and bridging (IRB) interface, since this restriction does not apply to IRB interfaces.

  • Starting in Junos OS release 17.3R1, if network-services is configured in IP mode, don't configure the same VRRP group ID for multiple VRRP sessions on the same physical interface unless VRRP delegation is disabled. If multiple VRRP sessions are configured on the same physical interface with the same VRRP group ID while VRRP delegation is enabled, the other VRRP virtual IP addresses become unreachable when one of the logical interfaces is deleted.

  • Starting in Junos OS release 17.3R1, if network-services is configured in enhanced-ip mode, you can use the same VRRP group ID for multiple VRRP sessions.

When configuring a virtual IP address, consider the following:

  • The virtual IP address must be the same for all routing platforms in the VRRP group.

  • If you configure a virtual IP address to be the same as the physical interface’s address, the interface becomes the master virtual router for the group. In this case, you must configure the priority to be 255, and you must configure preemption by including the preempt statement.

  • If the virtual IP address you choose is not the same as the physical interface’s address, you must ensure that the virtual IP address does not appear anywhere else in the routing platform’s configuration. Verify that you do not use this address for other interfaces, for the IP address of a tunnel, or for the IP address of static ARP entries.

  • You cannot configure a virtual IP address to be the same as the interface’s address for an aggregated Ethernet interface. This configuration is not supported.

  • For VRRP for IPv6, the EUI-64 option cannot be used. In addition, the Duplicate Address Detection (DAD) process will not run for virtual IPv6 addresses.

  • You cannot configure the same virtual IP address on interfaces that belong to the same logical system and routing instance combination. However, you can configure the same virtual IP address on interfaces that belong to different logical systems and routing instance combinations.

In determining what priority will make a given routing platform in a VRRP group a master or backup, consider the following:

  • You can force assignment of master and backup routers using priorities from 1 through 255, where 255 is the highest priority.

  • The priority value for the VRRP router that owns the IP address(es) associated with the virtual router must be 255.

  • VRRP routers backing up a virtual router must use priority values from 1 through 254.

  • The default priority value for VRRP routers backing up a virtual router is 100.

  • Are there tracked interfaces or routes with priority costs?

    The priority cost is the value associated with a tracked logical interface or route that is to be subtracted from the configured VRRP priority when the tracked logical interface or route goes down, forcing a new master router election. The value of a priority cost can be from 1 through 254. The sum of the priority costs for all tracked logical interfaces or routes must be less than or equal to the configured priority of the VRRP group.

Note

Mixed tagging (configuring two logical interfaces on the same Ethernet port, one with single-tag framing and one with dual-tag framing) is supported only for interfaces on Gigabit Ethernet IQ2 and IQ PICs. If you include the flexible-vlan-tagging statement at the [edit interfaces interface-name] hierarchy level for a VRRP-enabled interface on a PIC that does not support mixed tagging, VRRP on that interface is disabled. In the output of the show vrrp summary operational command, the interface status is listed as Down.

Note

If you enable MAC source address filtering on an interface, you must include the virtual MAC address in the list of source MAC addresses that you specify in the source-address-filter statement at the [edit interfaces interface-name] hierarchy level. (For more information, see the Junos OS Network Interfaces Library for Routing Devices.) MAC addresses ranging from 00:00:5e:00:01:00 through 00:00:5e:00:01:ff are reserved for VRRP, as defined in RFC 2378. The VRRP group number must be the decimal equivalent of the last hexadecimal byte of the virtual MAC address.

Here are specific examples of configuring a VRRP group.

Configuring for VRRP IPv4 Groups

To configure basic VRRP (IPv4) groups on interfaces:

Note

You can also configure a VRRP IPv4 group at the [edit logical-systems logical-system-name] hierarchy level.

  1. Configure the group identifier.

    Assign a value from 0 through 255.

  2. Configure the VRRP for IPv4 group:
    • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group.

      Normally, you configure only one virtual IP address per group. However, you can configure up to eight addresses. Do not include a prefix length in a virtual IP address.

    • Configure the priority for this routing platform to become the master virtual router.

      Configure the value used to elect the master virtual router in the VRRP group. It can be a number from 1 through 255. The default value for backup routers is 100. A larger value indicates a higher priority. The routing platform with the highest priority within the group becomes the master router. Master router sends periodic VRRP advertisement messages to each virtual routers. The backup routers do not attempt to preempt the master router unless it has higher priority. This eliminates service disruption unless a more preferred path becomes available. It is possible to administratively prohibit all preemption attempts, with the exception of a VRRP router becoming master router of any virtual router associated with addresses it owns.

Configuring VRRP for IPv6 Groups

To configure basic VRRP for IPv6 groups on interfaces:

Note

You can also configure a VRRP IPv6 group at the [edit logical-systems logical-system-name] hierarchy level.

  1. Configure the group identifier.

    Assign a value from 0 through 255.

  2. Configure the VRRP for IPv6 group:

    • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group.

      Normally, you configure only one virtual IP address per group. However, you can configure up to eight addresses. Do not include a prefix length in a virtual IP address.

    • Configure the virtual link-local address.

      You must explicitly define a virtual link-local address for each VRRP for IPv6 group. Otherwise, when you attempt to commit the configuration, the commit request fails. The virtual link-local address must be on the same subnet as the physical interface address.

    • Configure the priority for this routing platform to become the master virtual router.

      Configure the value used to elect the master virtual router in the VRRP group. It can be a number from 1 through 255. The default value for backup routers is 100. A larger value indicates a higher priority. The routing platform with the highest priority within the group becomes the master router. If there are two or more backup routers with the same priority, the router that has the highest primary address becomes the master.

Release History Table
Release
Description
Master router sends periodic VRRP advertisement messages to each virtual routers. The backup routers do not attempt to preempt the master router unless it has higher priority. This eliminates service disruption unless a more preferred path becomes available. It is possible to administratively prohibit all preemption attempts, with the exception of a VRRP router becoming master router of any virtual router associated with addresses it owns.
Starting in Junos OS release 17.3R1, if network-services is configured in IP mode, don't configure the same VRRP group ID for multiple VRRP sessions on the same physical interface unless VRRP delegation is disabled.
Starting in Junos OS release 17.3R1, if network-services is configured in enhanced-ip mode, you can use the same VRRP group ID for multiple VRRP sessions.
Starting in Junos OS Release 13.2, VRRP nonstop active routing (NSR) is enabled only when you configure the nonstop-routing statement at the [edit routing-options] or [edit logical system logical-system-name routing-options] hierarchy level.