VRRP
This chapter covers some aspects related to system vrrp, which is a feature that allows users to manage and monitor the VRRP system.
VRRP (Virtual Router Redundancy Protocol) is a protocol used to increase network reliability by automatically assigning router responsibility to one of several routers. If the master router fails, VRRP dynamically assigns the role of the master to a backup router, ensuring continuous service without disruption. The protocol shares a virtual IP address between a group of routers, with only one acting as master at any given time.
Configuration
VRRP can be configured for Ethernet and Bridge interfaces, using either interfaces ethernet <txt> vrrp vrrp-group <u32> or interfaces bridge <txt> vrrp vrrp-group <u32>.
In OSDx, the VRRP configuration allows various parameters to be set to fine-tune the protocol’s behavior.
Each configuration is applied to the specific interface where the protocol is active, for example: interfaces ethernet <txt> vrrp vrrp-group <u32>
An explanation of each configurable parameter is provided below:
advertise-interval
: This defines the interval (in seconds) between VRRP advertisement messages sent by the master router to other routers in the group. A lower value means faster failover detection, while a higher value reduces network traffic.
advisor
: This is used to specify an external check or mechanism to assess the VRRP status. It can be tied to external advisors for monitoring purposes.
alarm
: Sets an alarm to trigger actions or alerts when there is a state change in the VRRP group (e.g., when a backup router becomes master). This is useful to log or monitor critical changes in the network.
authentication
: Defines the authentication method used to secure VRRP messages. This ensures only legitimate routers can participate in the VRRP process. Available authentication methods include simple password (plaintext-password), IP AH (ah) or MD5 (md5). For example:
    set interfaces ethernet <ethN> vrrp vrrp-group <group-id> authentication password <secret-key>
    set interfaces ethernet <ethN> vrrp vrrp-group <group-id> authentication type MD5
Note
Authentication is not available when using an IPv6 virtual address.
description
: Allows you to set a description for the VRRP group for easier identification and management.
disable
: Temporarily disables the VRRP group without deleting it, preventing the router from participating in VRRP elections.
preempt
: Enables or disables preempt mode. When preempt is enabled, if a higher-priority router joins the network, it will automatically become the master router (even if the current master is functional).
priority
: Sets the priority of the router within the VRRP group. Higher numbers mean higher priority. The router with the highest priority becomes the master.
rfc3768-compatibility
: Enables VRRP compatibility with RFC 3768 standards. When enabled, the router creates a virtual interface that automatically assigns a virtual MAC and IP address. This virtual MAC address is used as the source for all VRRP messages sent by the active router, following the expected VRRP behavior defined in RFC 3768.
Note
RFC 3768 compatibility is not available when using an IPv6 virtual address.
source-address
: Sets the source IP address used for sending VRRP packets. This helps ensure that packets originate from the correct router interface.
Note
IPv4 and IPv6 source and virtual addresses cannot be mixed in the same VRRP group.
sync-group
: Adds the VRRP group to a sync group. Sync groups allow multiple VRRP groups to failover together, ensuring that all virtual IPs transition between routers simultaneously. To use this option, you must first create a sync-group using system vrrp sync-group <id>. To better understand how this feature works, check the sync-group example.
virtual-address
: This parameter is REQUIRED: it must be configured for VRRP to work. The virtual address is the shared IP that will be used by the master router. This address moves between routers as they assume or relinquish the master role.
Note
IPv4 and IPv6 virtual addresses cannot be mixed in the same VRRP group.
Monitoring
To monitor the status and configuration of VRRP, as well as the sync groups, you can use the following commands:
system vrrp show
: Provides essential details, including the state of the VRRP instance (e.g., MASTER, BACKUP), priority levels, the virtual IP address being managed, interface information and the last transition events. Use the show detail command to get extensive information on VRRP parameters:
    admin@osdx$ system vrrp show detail
    Interface: eth0p0
    Group: 1
    State: BACKUP
    Last Transition: 5:11:15
    Master router: 10.0.0.1
    Master priority: 100
    Priority: 100
    Advertisement interval: 1 sec
    Authentication type: MD5
    Preempt: disabled
    Sync-group: none
    VIP count: 1
    10.0.0.2
Note
Authentication type is not shown if the virtual address is an IPv6 address.
system vrrp sync-group show
: displays the status and configuration of VRRP sync groups, providing information like the sync group ID, the list of VRRP instances assigned to the sync group, or the state of each member instance within the group.
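A monitoring check built on the system vrrp show detail output described above, as an added example that is not part of the original documentation or of OSDx: it parses the output and flags groups that show no authentication or whose current master is not on an expected list. The one-field-per-line layout, the second sample group, and the names parse_groups, audit and EXPECTED are assumptions made for this example.

```python
import ipaddress

# Constructed sample. Group 1 uses fields and values from the page's output
# (abridged); group 7 is invented. Assumes one "Key: value" per line, VIPs bare.
SAMPLE = """\
Interface: eth0p0
Group: 1
State: BACKUP
Master router: 10.0.0.1
Authentication type: MD5
VIP count: 1
10.0.0.2
Interface: eth1
Group: 7
State: BACKUP
Master router: 10.0.1.66
VIP count: 1
10.0.1.2
"""
# Hypothetical allow list: routers permitted to be master per (interface, group).
EXPECTED = {("eth0p0", "1"): {"10.0.0.1", "10.0.0.3"}, ("eth1", "7"): {"10.0.1.1"}}

def parse_groups(text):
    """Return one dict per VRRP group; lines without 'Key: value' are VIPs."""
    groups = []
    for line in filter(None, map(str.strip, text.splitlines())):
        key, sep, value = line.partition(": ")
        if sep and key == "Interface":
            groups.append({"VIPs": []})
        if groups and sep:
            groups[-1][key] = value
        elif groups:
            groups[-1]["VIPs"].append(line)
    return groups

def audit(groups, expected):
    """Return (interface, group, finding) tuples worth an operator's attention."""
    findings = []
    for g in groups:
        ident = (g.get("Interface"), g.get("Group"))
        v6 = any(ipaddress.ip_interface(v).version == 6 for v in g["VIPs"])
        # Per the page, the authentication line is absent for IPv6 virtual addresses.
        if not v6 and g.get("Authentication type", "none").lower() == "none":
            findings.append(ident + ("no authentication shown",))
        master = g.get("Master router")
        if master and master not in expected.get(ident, set()):
            findings.append(ident + (f"unexpected master {master}",))
    return findings
```

Calling audit(parse_groups(SAMPLE), EXPECTED) reports both findings for group 7 and nothing for group 1; a master address outside the allow list is the signal to investigate before assuming a normal failover.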
Examples
Here you can find examples related to VRRP.
Command Summary
Configuration commands
system vrrp sync-group <id> authentication encrypted-password <password>
interfaces ethernet <txt> vrrp vrrp-group <u32> advertise-interval <u32>
interfaces ethernet <txt> vrrp vrrp-group <u32> advisor <txt>
interfaces ethernet <txt> vrrp vrrp-group <u32> authentication
interfaces ethernet <txt> vrrp vrrp-group <u32> authentication encrypted-password <password>
interfaces ethernet <txt> vrrp vrrp-group <u32> authentication password <txt>
interfaces ethernet <txt> vrrp vrrp-group <u32> authentication type <txt>
interfaces ethernet <txt> vrrp vrrp-group <u32> description <txt>
interfaces ethernet <txt> vrrp vrrp-group <u32> preempt delay <u32>
interfaces ethernet <txt> vrrp vrrp-group <u32> priority <u32>
interfaces ethernet <txt> vrrp vrrp-group <u32> rfc3768-compatibility
interfaces ethernet <txt> vrrp vrrp-group <u32> source-address <ipv4|ipv6>
interfaces ethernet <txt> vrrp vrrp-group <u32> sync-group <id>
interfaces ethernet <txt> vrrp vrrp-group <u32> virtual-address <ipv4|ipv4cidr|ipv6|ipv6cidr>