Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Basic VRRP Support

Note:

Starting in Junos OS Release 13.2, VRRP nonstop active routing (NSR) is enabled only when you configure the nonstop-routing statement at the [edit routing-options] or [edit logical system logical-system-name routing-options] hierarchy level.

The Virtual Router Redundancy Protocol (VRRP) groups multiple routing devices into a virtual router. At any time, one of the VRRP routing platforms is the primary (active) and the others are backups. If the primary fails, one of the backup routing platforms becomes the new primary router.

To configure basic VRRP support, configure VRRP groups on interfaces by including the vrrp-group statement:

An interface can be a member of multiple VRRP groups. Within a VRRP group, the primary virtual router and the backup virtual router must be configured on different routing platforms.

You can include this statement at the following hierarchy level:

  • [edit interfaces interface-name unit logical-unit-number family inet address address]

Mandatory parameters to configure a VRRP group are as follows (examples will follow):

  1. Configure the group identifier (mandatory).

  2. Configure the group:

    • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group (mandatory).

    • Configure the virtual link-local address (VRRP for IPv6 only). The virtual link-local address is autogenerated when you enable VRRPv3 on the interface. You may explicitly define a virtual link-local address for each VRRP for the IPv6 group. The virtual link-local address must be on the same subnet as the physical interface address.

When choosing a VRRP group identifier, consider the following:

  • In Junos OS releases prior to 17.3R1, you should not use the same VRRP group identifier on more than one subinterface on a given physical interface. This causes the VRRP virtual MAC address to be deleted from the packet forwarding engine, resulting in packet drops due to unknown MAC address. If your VRRP configuration needs to scale beyond 255 groups, consider configuring VRRP over an integrated routing and bridging (IRB) interface, since this restriction does not apply to IRB interfaces.

  • Starting in Junos OS release 17.3R1, if network-services is configured in IP mode, don't configure the same VRRP group ID for multiple VRRP sessions on the same physical interface unless VRRP delegation is disabled. If multiple VRRP sessions are configured on the same physical interface with the same VRRP group ID while VRRP delegation is enabled, the other VRRP virtual IP addresses become unreachable when one of the logical interfaces is deleted.

  • Starting in Junos OS release 17.3R1, if network-services is configured in enhanced-ip mode, you can use the same VRRP group ID for multiple VRRP sessions.

When configuring a virtual IP address, consider the following:

  • The virtual IP address must be the same for all routing platforms in the VRRP group.

  • If you configure a virtual IP address to be the same as the physical interface’s address, the interface becomes the primary virtual router for the group. In this case, you must configure the priority to be 255, and you must configure preemption by including the preempt statement.

  • If the virtual IP address you choose is not the same as the physical interface’s address, you must ensure that the virtual IP address does not appear anywhere else in the routing platform’s configuration. Verify that you do not use this address for other interfaces, for the IP address of a tunnel, or for the IP address of static ARP entries.

  • You cannot configure a virtual IP address to be the same as the interface’s address for an aggregated Ethernet interface. This configuration is not supported.

  • For VRRP for IPv6, the EUI-64 option cannot be used. In addition, the Duplicate Address Detection (DAD) process will not run for virtual IPv6 addresses.

  • You cannot configure the same virtual IP address on interfaces that belong to the same logical system and routing instance combination. However, you can configure the same virtual IP address on interfaces that belong to different logical systems and routing instance combinations.

In determining what priority will make a given routing platform in a VRRP group a primary or backup, consider the following:

  • You can force assignment of primary and backup routers using priorities from 1 through 255, where 255 is the highest priority.

  • The priority value for the VRRP router that owns the IP address(es) associated with the virtual router must be 255.

  • VRRP routers backing up a virtual router must use priority values from 1 through 254.

  • The default priority value for VRRP routers backing up a virtual router is 100.

  • Are there tracked interfaces or routes with priority costs?

    The priority cost is the value associated with a tracked logical interface or route that is to be subtracted from the configured VRRP priority when the tracked logical interface or route goes down, forcing a new primary router election. The value of a priority cost can be from 1 through 254. The sum of the priority costs for all tracked logical interfaces or routes must be less than or equal to the configured priority of the VRRP group.

Note:

Mixed tagging (configuring two logical interfaces on the same Ethernet port, one with single-tag framing and one with dual-tag framing) is supported only for interfaces on Gigabit Ethernet IQ2 and IQ PICs. If you include the flexible-vlan-tagging statement at the [edit interfaces interface-name] hierarchy level for a VRRP-enabled interface on a PIC that does not support mixed tagging, VRRP on that interface is disabled. In the output of the show vrrp summary operational command, the interface status is listed as Down.

Note:

If you enable MAC source address filtering on an interface, you must include the virtual MAC address in the list of source MAC addresses that you specify in the source-address-filter statement at the [edit interfaces interface-name] hierarchy level. (For more information, see the Junos OS Network Interfaces Library for Routing Devices.) MAC addresses ranging from 00:00:5e:00:01:00 through 00:00:5e:00:01:ff are reserved for VRRP, as defined in RFC 2378. The VRRP group number must be the decimal equivalent of the last hexadecimal byte of the virtual MAC address.

Here are specific examples of configuring a VRRP group.

Configuring for VRRP IPv4 Groups

To configure basic VRRP (IPv4) groups on interfaces:

Note:

You can also configure a VRRP IPv4 group at the [edit logical-systems logical-system-name] hierarchy level.

  1. Configure the group identifier.

    Assign a value from 0 through 255.

  2. Configure the VRRP for IPv4 group:

    • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group.

      Normally, you configure only one virtual IP address per group. However, you can configure up to eight addresses. Do not include a prefix length in a virtual IP address.

    • Configure the priority for this routing platform to become the primary virtual router.

      Configure the value used to elect the primary virtual router in the VRRP group. It can be a number from 1 through 255. The default value for backup routers is 100. A larger value indicates a higher priority. The routing platform with the highest priority within the group becomes the primary router. Primary router sends periodic VRRP advertisement messages to each virtual routers. The backup routers do not attempt to preempt the primary router unless it has higher priority. This eliminates service disruption unless a more preferred path becomes available. It is possible to administratively prohibit all preemption attempts, with the exception of a VRRP router becoming primary router of any virtual router associated with addresses it owns.

Configuring VRRP for IPv6 Groups

To configure basic VRRP for IPv6 groups on interfaces:

Note:

You can also configure a VRRP IPv6 group at the [edit logical-systems logical-system-name] hierarchy level.

  1. Configure the group identifier.

    Assign a value from 0 through 255.

  2. Configure the VRRP for IPv6 group:

    • Configure the virtual IP address of one or more virtual routers that are members of the VRRP group.

      Normally, you configure only one virtual IP address per group. However, you can configure up to eight addresses. Do not include a prefix length in a virtual IP address.

    • Configure the virtual link-local address.

      You must explicitly define a virtual link-local address for each VRRP for IPv6 group. Otherwise, when you attempt to commit the configuration, the commit request fails. The virtual link-local address must be on the same subnet as the physical interface address.

    • Configure the priority for this routing platform to become the primary virtual router.

      Configure the value used to elect the primary virtual router in the VRRP group. It can be a number from 1 through 255. The default value for backup routers is 100. A larger value indicates a higher priority. The routing platform with the highest priority within the group becomes the primary router. If there are two or more backup routers with the same priority, the router that has the highest primary address becomes the primary.

Related Documentation

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
18.1R1
Primary router sends periodic VRRP advertisement messages to each virtual routers. The backup routers do not attempt to preempt the primary router unless it has higher priority. This eliminates service disruption unless a more preferred path becomes available. It is possible to administratively prohibit all preemption attempts, with the exception of a VRRP router becoming primary router of any virtual router associated with addresses it owns.
17.3R1
Starting in Junos OS release 17.3R1, if network-services is configured in IP mode, don't configure the same VRRP group ID for multiple VRRP sessions on the same physical interface unless VRRP delegation is disabled.
17.3R1
Starting in Junos OS release 17.3R1, if network-services is configured in enhanced-ip mode, you can use the same VRRP group ID for multiple VRRP sessions.
13.2
Starting in Junos OS Release 13.2, VRRP nonstop active routing (NSR) is enabled only when you configure the nonstop-routing statement at the [edit routing-options] or [edit logical system logical-system-name routing-options] hierarchy level.