Vrrp
Examples for High Availability (VRRP)
VRRP with MD5 authentication
Description
This scenario checks that two OSDx devices can use VRRP with MD5 authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX18aBIivcYaU0V8Tpsq4ijKgsb2iwivoIQM= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type md5 set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX1/NKzUgqNUKkhit8CEOAax+Ji99uT1t/Y0= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type md5 set interfaces ethernet eth0 vrrp vrrp-group 1 priority 100 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 5: Run command system vrrp show detail at DUT0 and check if output matches the following regular expressions:
MD5Show output
Interface: eth0 Group: 1 State: MASTER Last Transition: 0:00:03 Priority: 200 Advertisement interval: 1 sec Authentication type: MD5 Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 6: Run command system vrrp show detail at DUT1 and check if output matches the following regular expressions:
MD5Show output
Interface: eth0 Group: 1 State: BACKUP Last Transition: 0:00:00 Master router: 192.168.100.100 Master priority: 200 Priority: 100 Advertisement interval: 1 sec Authentication type: MD5 Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 7: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX18aBIivcYaU0V8Tpsq4ijKgsb2iwivoIQM= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type md5 set interfaces ethernet eth0 vrrp vrrp-group 1 disable set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Run command system vrrp show at DUT0 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:01 none
Step 9: Run command system vrrp show at DUT1 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
VRRP with plaintext-password authentication
Description
This scenario checks that two OSDx devices can use VRRP with plaintext-password authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX19Pn/BcDSkHDQHeIyLbMVCj8+WJe8z4VPI= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type plaintext-password set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:02 none
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX18O7mlsaTS/9isRTTsYObTxztNdTMpUBAc= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type plaintext-password set interfaces ethernet eth0 vrrp vrrp-group 1 priority 100 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 5: Run command system vrrp show detail at DUT0 and check if output matches the following regular expressions:
SIMPLE_PASSWORDShow output
Interface: eth0 Group: 1 State: MASTER Last Transition: 0:00:04 Priority: 200 Advertisement interval: 1 sec Authentication type: SIMPLE_PASSWORD Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 6: Run command system vrrp show detail at DUT1 and check if output matches the following regular expressions:
SIMPLE_PASSWORDShow output
Interface: eth0 Group: 1 State: BACKUP Last Transition: 0:00:01 Master router: ff02::12 Master priority: 0 Priority: 100 Advertisement interval: 1 sec Authentication type: SIMPLE_PASSWORD Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 7: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX19Pn/BcDSkHDQHeIyLbMVCj8+WJe8z4VPI= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type plaintext-password set interfaces ethernet eth0 vrrp vrrp-group 1 disable set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Run command system vrrp show at DUT0 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 9: Run command system vrrp show at DUT1 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
VRRP with AH authentication
Description
This scenario checks that two OSDx devices can use VRRP with AH authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX1/cGvgM88IwgxL/tnwQq2v8mrYmq0luCUo= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type ah set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX1/NiJpQpRDc8mcN1MHVAvoyVWaZWqEbNTI= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type ah set interfaces ethernet eth0 vrrp vrrp-group 1 priority 100 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 none
Step 5: Run command system vrrp show detail at DUT0 and check if output matches the following regular expressions:
IPSEC_AHShow output
Interface: eth0 Group: 1 State: MASTER Last Transition: 0:00:03 Priority: 200 Advertisement interval: 1 sec Authentication type: IPSEC_AH Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 6: Run command system vrrp show detail at DUT1 and check if output matches the following regular expressions:
IPSEC_AHShow output
Interface: eth0 Group: 1 State: BACKUP Last Transition: 0:00:00 Master router: 192.168.100.100 Master priority: 200 Priority: 100 Advertisement interval: 1 sec Authentication type: IPSEC_AH Preempt: disabled Sync-group: none VIP count: 1 192.168.10.1
Step 7: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 authentication encrypted-password U2FsdGVkX1/cGvgM88IwgxL/tnwQq2v8mrYmq0luCUo= set interfaces ethernet eth0 vrrp vrrp-group 1 authentication type ah set interfaces ethernet eth0 vrrp vrrp-group 1 disable set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 8: Run command system vrrp show at DUT0 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:01 none
Step 9: Run command system vrrp show at DUT1 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 none
VRRP rfc3768-compatibility configuration
Description
Check that a virtual interface is being created when this option is configured.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 priority 200 set interfaces ethernet eth0 vrrp vrrp-group 1 rfc3768-compatibility set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
Step 2: Run command interfaces show at DUT0 and check if output matches the following regular expressions:
eth0v1\s*192.168.10.1/32Show output
------------------------------------------------------------------- Name IP Address Admin Oper Vrf Description ------------------------------------------------------------------- eth0 192.168.100.100/24 up up fe80::dcad:beff:feef:6c00/64 eth0v1 192.168.10.1/32 up up eth1 down down
Two VRRP devices in same sync-group
Description
Configure 2 DUTs in the same sync-group to check that they do communicate between each other.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN0 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN0
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 MAIN0
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN1 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN1
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:01 MAIN1
Step 5: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth0 vrrp vrrp-group 1 disable
Step 6: Run command system vrrp sync-group MAIN0 show at DUT0 and check if output contains the following tokens:
BACKUPShow output
Group: MAIN0 State: BACKUP Monitoring: Interface: eth0, Group: 1
Step 7: Run command system vrrp sync-group MAIN1 show at DUT1 and check if output contains the following tokens:
MASTERShow output
Group: MAIN1 State: MASTER Monitoring: Interface: eth0, Group: 1
Two VRRP devices in same sync-group with MD5 authentication
Description
Configure 2 DUTs in the same sync-group to check that they do communicate between each other, with MD5 authentication.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 192.168.100.100/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN0 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN0 authentication encrypted-password U2FsdGVkX18uOWJEoxoVz/O4mhjVeE3EUYmgBZK4Lt8= set system vrrp sync-group MAIN0 authentication type md5
Step 2: Run command system vrrp show at DUT0 and check if output contains the following tokens:
MASTERShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 MASTER yes no 0:00:01 MAIN0
Step 3: Set the following configuration in DUT1 :
set interfaces ethernet eth0 address 192.168.100.101/24 set interfaces ethernet eth0 vrrp vrrp-group 1 sync-group MAIN1 set interfaces ethernet eth0 vrrp vrrp-group 1 virtual-address 192.168.10.1 set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system vrrp sync-group MAIN1 authentication encrypted-password U2FsdGVkX18tJB49xyDUV4LcT/eObuj4kbdgtmEQ7UY= set system vrrp sync-group MAIN1 authentication type md5
Step 4: Run command system vrrp show at DUT1 and check if output contains the following tokens:
BACKUPShow output
-------------------------------------------------------------------------------- Interface Group State RFC Compliant Addr Owner Last Transition Sync Group -------------------------------------------------------------------------------- eth0 1 BACKUP yes no 0:00:00 MAIN1
Step 5: Modify the following configuration lines in DUT0 :
set interfaces ethernet eth0 vrrp vrrp-group 1 disable
Step 6: Run command system vrrp sync-group MAIN0 show at DUT0 and check if output contains the following tokens:
BACKUPShow output
Group: MAIN0 State: BACKUP Monitoring: Interface: eth0, Group: 1
Step 7: Run command system vrrp sync-group MAIN1 show at DUT1 and check if output contains the following tokens:
MASTERShow output
Group: MAIN1 State: MASTER Monitoring: Interface: eth0, Group: 1