Vrrp
Examples for High Availability (VRRP)
VRRP with MD5 authentication
Description
This scenario checks that two OSDx devices can use VRRP with MD5 authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX1/IXCX2DvVdPRjflWdVpWr81yT+KSNTPOc= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type md5 set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX193wZmmzfihQnkA/kFUTA0PMgv8LMmiqn8= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type md5 set interfaces ethernet eth0 vrrp vrrp-group 1 priority 100 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 5: Run command system vrrp show detail at DUT0 and check if output matches the following regular expressions:
MD5Show output
Interface: eth0 Group: 1 State: MASTER Last Transition: 0:00:02 Priority: 200 Advertisement interval: 1 sec Authentication type: MD5 Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 6: Run command system vrrp show detail at DUT1 and check if output matches the following regular expressions:
MD5Show output
Interface: eth0 Group: 1 State: BACKUP Last Transition: 0:00:00 Master router: ff02::12 Master priority: 0 Priority: 100 Advertisement interval: 1 sec Authentication type: MD5 Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 7: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX1/IXCX2DvVdPRjflWdVpWr81yT+KSNTPOc= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type md5 set interfaces ethernet eth0 vrrp vrrp-group 1 disable set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Run command system vrrp show at DUT0 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 9: Run command system vrrp show at DUT1 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:00 none
VRRP with plaintext-password authentication
Description
This scenario checks that two OSDx devices can use VRRP with plaintext-password authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX182TYtuskuoeIY7ONDgcuu+pPAd0XX8NqE= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type plaintext-password set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX1+8LMGHCIEXgn3y2yZUeeui0B42glpLuLM= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type plaintext-password set interfaces ethernet eth0 vrrp vrrp-group 1 priority 100 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 5: Run command system vrrp show detail at DUT0 and check if output matches the following regular expressions:
SIMPLE_PASSWORDShow output
Interface: eth0 Group: 1 State: MASTER Last Transition: 0:00:02 Priority: 200 Advertisement interval: 1 sec Authentication type: SIMPLE_PASSWORD Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 6: Run command system vrrp show detail at DUT1 and check if output matches the following regular expressions:
SIMPLE_PASSWORDShow output
Interface: eth0 Group: 1 State: BACKUP Last Transition: 0:00:00 Master router: ff02::12 Master priority: 0 Priority: 100 Advertisement interval: 1 sec Authentication type: SIMPLE_PASSWORD Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 7: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX182TYtuskuoeIY7ONDgcuu+pPAd0XX8NqE= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type plaintext-password set interfaces ethernet eth0 vrrp vrrp-group 1 disable set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Run command system vrrp show at DUT0 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 9: Run command system vrrp show at DUT1 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
VRRP with AH authentication
Description
This scenario checks that two OSDx devices can use VRRP with AH authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX18I+l8FFol2h3Sxbp6zwqc1tP/0ERB62ck= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type ah set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:02 none
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX18zTf26XS1Qip6klFQA2At4Pw8c6DVbwYQ= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type ah set interfaces ethernet eth0 vrrp vrrp-group 1 priority 100 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 5: Run command system vrrp show detail at DUT0 and check if output matches the following regular expressions:
IPSEC_AHShow output
Interface: eth0 Group: 1 State: MASTER Last Transition: 0:00:03 Priority: 200 Advertisement interval: 1 sec Authentication type: IPSEC_AH Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 6: Run command system vrrp show detail at DUT1 and check if output matches the following regular expressions:
IPSEC_AHShow output
Interface: eth0 Group: 1 State: BACKUP Last Transition: 0:00:00 Master router: ff02::12 Master priority: 0 Priority: 100 Advertisement interval: 1 sec Authentication type: IPSEC_AH Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 7: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX18I+l8FFol2h3Sxbp6zwqc1tP/0ERB62ck= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type ah set interfaces ethernet eth0 vrrp vrrp-group 1 disable set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Run command system vrrp show at DUT0 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 9: Run command system vrrp show at DUT1 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
VRRP rfc3768-compatibility configuration
Description
Check that a virtual interface is being created when this option is configured.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 rfc3768-compatibility set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command interfaces show at DUT0 and check if output matches the following regular expressions:
eth0v1\s*192.168.10.1/32Show output
------------------------------------------------------------------- Name IP Address Admin Oper Vrf Description ------------------------------------------------------------------- eth0 192.168.100.100/24 up up fe80::dcad:beff:feef:6c00/64 eth0v1 192.168.10.1/32 up up eth1 down down
Two VRRP devices in same sync-group
Description
Configure 2 DUTs in the same sync-group to check that they do communicate between each other.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN0 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN0
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 MAIN0
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN1 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN1
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 MAIN1
Step 5: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth0 vrrp vrrp-group 1 disable
Step 6: Run command system vrrp sync-group MAIN0 show at DUT0 and check if output contains the following tokens:
BACKUPShow output
Group: MAIN0 State: BACKUP Monitoring: Interface: eth0, Group: 1
Step 7: Run command system vrrp sync-group MAIN1 show at DUT1 and check if output contains the following tokens:
MASTERShow output
Group: MAIN1 State: MASTER Monitoring: Interface: eth0, Group: 1
Two VRRP devices in same sync-group with MD5 authentication
Description
Configure 2 DUTs in the same sync-group to check that they do communicate between each other, with MD5 authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN0 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN0 authentication encrypted-password U2FsdGVkX18iOy6U7ytjJm+BXr7aL5QSl7PXf0e/ksQ= set system vrrp sync-group MAIN0 authentication type md5
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 MAIN0
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN1 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN1 authentication encrypted-password U2FsdGVkX18lLohjnE9rO4Skk+RnsDcQBQV7LwDoghE= set system vrrp sync-group MAIN1 authentication type md5
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 MAIN1
Step 5: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth0 vrrp vrrp-group 1 disable
Step 6: Run command system vrrp sync-group MAIN0 show at DUT0 and check if output contains the following tokens:
BACKUPShow output
Group: MAIN0 State: BACKUP Monitoring: Interface: eth0, Group: 1
Step 7: Run command system vrrp sync-group MAIN1 show at DUT1 and check if output contains the following tokens:
MASTERShow output
Group: MAIN1 State: MASTER Monitoring: Interface: eth0, Group: 1