==== VRRP ==== .. sidebar:: Contents .. contents:: :depth: 2 :local: This chapter covers some aspects related to :osdx:cfg:`system vrrp`, which is a feature that allows users to **manage and monitor** the VRRP system. **VRRP** (Virtual Router Redundancy Protocol) is a protocol used to **increase network reliability** by automatically assigning router responsibility to one of several routers. If the **master router** fails, VRRP dynamically assigns the role of the master to a **backup router**, ensuring continuous service without disruption. The protocol shares a **virtual IP address** between a group of routers, with only one acting as **master** at any given time. Configuration ============= VRRP can be configured for :doc:`Ethernet ` and Bridge interfaces, either using :osdx:cfg:`interfaces ethernet * vrrp vrrp-group *` or :osdx:cfg:`interfaces bridge * vrrp vrrp-group *`. In OSDx, the VRRP configuration allows various parameters to be set to fine-tune the protocol's behavior. Each configuration is applied to the specific interface where the protocol is active, for example: :osdx:cfg:`interfaces ethernet * vrrp vrrp-group *` An explanation of each configurable parameter is provided below: * ``advertise-interval``: This defines the **interval (in seconds)** between VRRP advertisement messages sent by the master router to other routers in the group. A lower value means faster failover detection, while a higher value reduces network traffic. * ``advisor``: This is used to specify an external check or mechanism to **assess the VRRP status**. It can be tied to external advisors for monitoring purposes. * ``alarm``: Sets an alarm to **trigger actions or alerts** when there is a **state change** in the VRRP group (e.g., when a backup router becomes master). This is useful to log or monitor critical changes in the network. * ``authentication``: Defines the **authentication method** used to secure VRRP messages. This ensures only legitimate routers can participate in the VRRP process. Available authentication methods include **simple password** (``plaintext-password``), **IP AH** (``ah``) or **MD5** (``md5``). For example: .. code-block:: none set interfaces ethernet vrrp vrrp-group authentication password set interfaces ethernet vrrp vrrp-group authentication type MD5 .. note:: Authentication is not available when using an IPv6 virtual address. * ``description``: Allows you to set a **description** for the VRRP group for easier identification and management. * ``disable``: Temporarily **disables** the VRRP group without deleting it, preventing the router from participating in VRRP elections. * ``preempt``: Enables or disables **preempt mode**. When preempt is enabled, if a **higher-priority router** joins the network, it will automatically **become the master** router (even if the current master is functional). * ``priority``: Sets the priority of the router within the VRRP group. **Higher numbers mean higher priority**. The router with the highest priority becomes the master. * ``rfc3768-compatibility``: Enables VRRP compatibility with **RFC 3768** standards. When enabled, the router creates a **virtual interface** that automatically assigns a **virtual MAC and IP address**. This virtual MAC address is used as the source for all VRRP messages sent by the active router, following the expected VRRP behavior defined in `RFC3768 `_. .. note:: RFC 3768 compatibility is not available when using an IPv6 virtual address. * ``source-address``: Sets the **source IP address used for sending VRRP packets**. This helps ensure that packets originate from the correct router interface. .. note:: IPv4 and IPv6 source and virtual addresses cannot be mixed in the same VRRP group. * ``sync-group``: Adds the VRRP group to a sync group. Sync groups allow **multiple VRRP groups to failover together**, ensuring that all virtual IPs transition between routers simultaneously. To use this option, you must first create a sync-group using :osdx:cfg:`system vrrp sync-group *`. To better understand how this feature works, check the :ref:`sync-group example ` * ``virtual-address``: This parameter is **REQUIRED**, it must be configured for VRRP to work. The virtual address is the **shared IP that will be used by the master router**. This address moves between routers as they assume or relinquish the master role. .. note:: IPv4 and IPv6 virtual addresses cannot be mixed in the same VRRP group. Monitoring ============== To monitor the status and configuration of VRRP, as well as the sync groups, you can use the following commands: * :osdx:op:`system vrrp show`: provides essential details, including the **state of the VRRP instance** (e.g., MASTER, BACKUP), **priority** levels, **virtual IP address** being managed or **interface** information and the last transition events. Use the ``show detail`` command to get extensive information on VRRP parameters: .. code-block:: none admin@osdx$ system vrrp show detail Interface: eth0p0 Group: 1 State: BACKUP Last Transition: 5:11:15 Master router: 10.0.0.1 Master priority: 100 Priority: 100 Advertisement interval: 1 sec Authentication type: MD5 Preempt: disabled Sync-group: none VIP count: 1 10.0.0.2 .. note:: Authentication type is not shown if the virtual addres is a IPv6 address. * :osdx:op:`system vrrp sync-group show`: displays the **status** and configuration of **VRRP sync groups**, providing information like the **sync group ID**, the list of VRRP instances assigned to the sync group, or the state of each member instance within the group. .. _examples: Examples ======== :doc:`Here ` you can find examples related to VRRP. Command Summary =============== .. osdx:cmdtree:: cfg system vrrp sync-group * interfaces ethernet * vrrp vrrp-group * .. osdx:cmdtree:: op system vrrp show system vrrp sync-group *