Dear Web User:
For Better View Of This Web Page, Please Use Any Latest Web Browser, Because Some Elements Are Not Work In The Old Web Browser (Might Not Be Displayed Properly Or Are Not Appearing properly!). Plz Note: Some Topics That You Might Want To Pursue On Your Own That We Did Not Cover In This Article Are Listed Here. This Page Discusses “VIRTUAL ROUTER REDUNDANCY PROTOCOL (VRRP) CONFIGURATION EXAMPLES”, And Also We Request To The Students, Please Go Through All The Articles That Are We Posted In This Web Site And Also Identify All The CISCO IOS Commands In The Lab Practice Before Going To Access This Page. And Also We Hope All These Configurations Can Help You To Prepare For The CCNP TSHOOT (642-832) Exam. Thank You!SWITCHING NOTES FOR MORE REFERENCES:
1. ◙ - ➤ DESCRIPTION OF EACH PROTOCOLS:
2. ◙ - ➤ BASIC COLLECTION OF NETWORKING CONCEPTS:
3. ◙ - ➤ BASIC NETWORKING QUESTIONS AND ANSWER:
4. ◙ - ➤ ADDRESS RESOLUTION PROTOCOL (ARP):
5. ◙ - ➤ For More About - > ARP Vs ICMP:
6. ◙ - ➤ LAN SWITCHING:
7. ◙ - ➤ ETHERNET TECHNICAL OVERVIEW:
8. ◙ - ➤ VLAN TRUNKING PROTOCOL (VTP):
9. ◙ - ➤ VLAN TRUNKS WITH IEEE 802.1Q:
10. ◙ - ➤ VLAN TRUNKS WITH INTERSWITCH LINK (ISL):
11. ◙ - ➤ NATIVE VLAN CONFIGURATION:
12. ◙ - ➤ PRIVATE VLANS CONFIGURATION:
13. ◙ - ➤ CISCO - ISL Vs 802.1Q:
14. ◙ - ➤ VLANS NOTES
15. ◙ - ➤ VLAN QUICK REFERENCE:
16. ◙ - ➤ VLAN CREATION STEP BY STEP EXAMPLES:
17. ◙ - ➤ LAYER 2, LAYER 3AND LAYER 4 SWITCH COMPARISON:
18. ◙ - ➤ PAgP (Port Aggregation Protocol) VS LACP (Link Aggregation Control Protocol):
19. ◙ - ➤ HSRP, VRRP AND GLBP PROTOCOLS COMPARISON:
20. ◙ - ➤ TSHOOT (642-832):
FOR CCNP TSHOOT (642-832) REFERENCES:◙ - ➤ LIST OF SHOW COMMANDS REFERENCES:
◙ - ➤ TSHOOT DEMO PAGE:
◙ - ➤ TSHOOT TIPS:
◙ - ➤ TSHOOT STRATEGY:
◙ - ➤ LAYER 2, LAYER 3AND LAYER 4 SWITCH COMPARISON:
◙ - ➤ HSRP, VRRP AND GLBP PROTOCOLS COMPARISON:
◙ - ➤ TSHOOT (642-832):
HSRP, VRRP AND GLBP PROTOCOLS COMPARISON NOTES
DEFAULT GATEWAY REDUNDANCY Allows A Network To Recover From The Failure Of The Device Acting As The Default Gateway For End Nodes On A Physical Segment. The Ability Of A Network To Dynamically Recover From The Failure Of A Device Acting As A Default Gateway Is Known As FIRST-HOP REDUNDANCY (FHRP).
The Devices On This Shared Network Segment Are Usually Configured With A Single Default Gateway Address That Points To The Router That Connects To The Rest Of The Network. LAYER 1 And LAYER 2 REDUNDANCIES, A High-Availability Network. It Also Implement Layer 3 Redundancy By Sharing The Default Gateway Responsibility Across Multiple Devices.
FIRST HOP REDUNDANCY PROTOCOLS (FHRP), Such As HSRP, VRRP, And GLBP Provide Alternate Default Gateways For Hosts In The Switched Environment. HOT STANDBY ROUTER PROTOCOL (HSRP) Is A Cisco-Proprietary Redundancy Protocol For Establishing A Fault-Tolerant Default Gateway. It Is Described In RFC 2281. HSRP Provides A Transparent Failover Mechanism To The End Stations On The Network. This Provides Users At The Access Layer With Uninterrupted Service To The Network If The Primary Gateway Becomes Inaccessible. THE VIRTUAL ROUTER REDUNDANCY PROTOCOL (VRRP) Is A Standards-Based Alternative To HSRP And Is Defined In RFC 3768. The Two Technologies Are Similar But Not Compatible. GATEWAY LOAD BALANCING PROTOCOL (GLBP): - No RFC (Cisco Proprietary) - Used With Cisco Routers - This Is An Enhancement Over HSRP, In That It Offers Load Sharing By Default.
◙ - ➤ For More About - > HSRP, VRRP AND GLBP PROTOCOLS COMPARISON NOTES:
VIRTUAL ROUTER REDUNDANCY PROTOCOL (VRRP)
Virtual Router Redundancy Protocol (VRRP) Provides A Solution By Combining Number Of Routers Into Logical Group Called Virtual Router (VR). VRRP Implementation In Routeros Is Compliant To VRRPv2 RFC 3768 And VRRPv3 RFC 5798. To VRRPv3 RFC 5798To Make VRRP Work In IPv6 Networks, Several Additional Options Must Be Enabled - V3 Support Is Required And Protocol Type Should Be Set To IPv6. The Purpose Of The VRRP Is To Communicate To All VRRP Routers Associated With The Virtual Router ID And Support Router Redundancy Through A Prioritized Election Process Among Them. All Messaging Is Done By IPv4 Or IPv6 Multicast Packets. Destination Address Of IPv4 Packet Is 224.0.0.12 And For IPv6 It Is FF02:0:0:0:0:0:0:12. Source Address Of The Packet Is Always The Primary IP Address Of An Interface From Which The Packet Is Being Sent. In Ipv6 Networks Source Address Is Link-Local Address Of An Interface.
The VIRTUAL ROUTER REDUNDANCY PROTOCOL (VRRP) Is An Election Protocol That Dynamically Assigns Responsibility For One Or More Virtual Routers To The VRRP Routers On A LAN, Allowing Several Routers On A Multi-access Link To Utilize The Same Virtual IP Address. In A VRRP Configuration, One Router Is Elected As The Virtual Router Master, With The Other Routers Acting As Backups In Case The Virtual Router Master Fails. The Election Process Provides Dynamic Fail Over In The Forwarding Responsibility Should The Master Become Unavailable. This Allows Any Of The Virtual Router IP Addresses On The LAN To Be Used As The Default First Hop Router By End-Hosts. The Advantage Gained From Using VRRP Is A Higher Availability Default Path Without Requiring Configuration Of Dynamic Routing Or Router Discovery Protocols On Every End-Host. ◙ The Router With The Highest Priority Becomes The Master Router.
◙ All Other Routers Become Backup Routers.
◙ By Default, The Virtual MAC Address Is 0000.5e00.01xx, Where Xx Is The Hexadecimal Group Number.
◙ Hellos Are Sent Every 1 Second, By Default.
◙ VRRP Hellos Are Sent To Multicast Address 224.0.0.18.
◙ VRRP Will Preempt By Default.
VRRP Can Solve The Static Configuration Problem. VRRP Enables A Group Of Routers To Form A Single Virtual Router. The LAN Clients Can Then Be Configured With The Virtual Router As Their Default Gateway. The Virtual Router, Representing A Group Of Routers, Is Also Known As A VRRP Group. VRRP Is Supported On Ethernet, Fast Ethernet, BVI, And Gigabit Ethernet Interfaces, And On MPLS VPNs, VRF-Aware MPLS VPNs, And VLANs.
VRRP LIMITATIONS
◙ The VRRP Implementation On The Switch Does Not Support The MIB Specified In RFC 2787.
◙ The VRRP Implementation On The Switch Supports Only Text-Based Authentication.
BENEFITS OF VRRP
◙ - ➤ LOAD SHARING: You Can Configure VRRP In Such A Way That Traffic To And From LAN Clients Can Be Shared By Multiple Routers, Thereby Sharing The Traffic Load More Equitably Among Available Routers.
◙ - ➤ MULTIPLE VIRTUAL ROUTERS: VRRP Supports Up To 255 Virtual Routers (VRRP Groups) On A Router Physical Interface, Subject To The Platform Supporting Multiple MAC Addresses. Multiple Virtual Router Support Enables You To Implement Redundancy And Load Sharing In Your LAN Topology.
◙ - ➤ MULTIPLE IP ADDRESSES: The Virtual Router Can Manage Multiple IP Addresses, Including Secondary IP Addresses. Therefore, If You Have Multiple Subnets Configured On An Ethernet Interface, You Can Configure VRRP On Each Subnet.
◙ - ➤ PREEMPTION: The Redundancy Scheme Of VRRP Enables You To Preempt A Virtual Router Backup That Has Taken Over For A Failing Virtual Router Master With A Higher Priority Virtual Router Backup That Has Become Available.
◙ - ➤ AUTHENTICATION: VRRP Message Digest 5 (MD5) Algorithm Authentication Protects Against VRRP-Spoofing Software And Uses The Industry-Standard MD5 Algorithm For Improved Reliability And Security.
◙ - ➤ ADVERTISEMENT PROTOCOL: VRRP Uses A Dedicated Internet Assigned Numbers Authority (IANA) Standard Multicast Address (224.0.0.18) For VRRP Advertisements. This Addressing Scheme Minimizes The Number Of Routers That Must Service The Multicasts And Allows Test Equipment To Accurately Identify VRRP Packets On A Segment. The IANA Assigned VRRP The IP Protocol Number 112.
◙ - ➤ VRRP OBJECT TRACKING: VRRP Object Tracking Provides A Way To Ensure The Best VRRP Router Is The Virtual Router Master For The Group By Altering VRRP Priorities To The Status Of Tracked Objects Such As The Interface Or IP Route States.
◙ - ➤ VRRP ROUTER PRIORITY AND PREEMPTION: An Important Aspect Of The VRRP Redundancy Scheme Is VRRP Router Priority. Priority Determines The Role That Each VRRP Router Plays And What Happens If The Virtual Router Master Fails. If A VRRP Router Owns The IP Address Of The Virtual Router And The IP Address Of The Physical Interface, This Router Will Function As A Virtual Router Master. Priority Also Determines If A VRRP Router Functions As A Virtual Router Backup And The Order Of Ascendancy To Becoming A Virtual Router Master If The Virtual Router Master Fails. You Can Configure The Priority Of Each Virtual Router Backup With A Value Of 1 Through 254 Using The “VRRP Priority” Command. The VRRP Router With The Higher Priority Can Now Become The Virtual Router Master If It Has The “VRRP Preempt” Command Configured. The Virtual Router Master Sends VRRP Advertisements To Other VRRP Routers In The Same Group. The Advertisements Communicate The Priority And State Of The Virtual Router Master. The Master Advertisement Value Displayed In The “Show VRRP” Command Output On The Backup Routers Is Always 1 Second Because The Packets On The Backup Routers Do Not Accept Millisecond Values.
PROTOCOL FEATURES | HSRP | VRRP | GLBP |
---|---|---|---|
SCOPE | Cisco Proprietary | IEEE Standard | Cisco Proprietary |
STANDARD | RFC2281 | RFC3768 | None |
OSI LAYER | Layer-3 | Layer-3 | Layer-2 |
LOAD BALANCING< | No | No | Yes |
MULTICAST GROUP IP ADDRESS | 224.0.0.2 in version 1224.0.0.102 In Version 2 | 224.0.0.18 | 224.0.0.102 |
TRANSPORT PORT NUMBER | UDP 1985 | UDP 112 | UDP 3222 |
TIMERS | Hello – 3 Sec | Advertisement – 1 sec | Hello – 3sec |
Hold – 10 sec | Master down time = 3*Advertisement Time + Skew TimeSkew Time = (256- Priority)/256 | Hold – 10sec | |
ELECTION | Active Router:1.Highest Priority2. Highest IP Address (Tiebreaker) | Master Router: (*) 1-Highest Priority 2-Highest IP (Tiebreaker) |
Active Virtual Gateway: 1-Highest Priority 2-Highest IP (Tiebreaker) |
ROUTER ROLE | -One Active Router, one Standby Router-One Or More Listening Routers | - One Active Router- One or More Backup Routers | - One AVG (Active Virtual Gateway)- Up To 4 AVF Routers On The Group (Active Virtual Forwarder) Passing Traffic.- Up To 1024 Virtual Routers (Glbp Groups) Per Physical Interface. |
PREEMPT | If Active Router(Highest Priority) Is Down And Up Again, Preempt Should Be Configured To Become A Active Router Again | By Default Preempt is ON in VRRP, If Active Router Is Down And Up Again, It Will Automatically Become A Master Router | If Active Router(Highest Priority) Is Down And Up Again, Preempt Should Be Configured To Become A Active Router Again. |
GROUP VIRTUAL MAC ADDRESS | 0000.0c07.acxx | 0000.5e00.01xx | 0007.b4xx.xxxx |
IPv6 SUPPORT | Yes | To VRRPv2 RFC 3768 (IPv4) And VRRPv3 RFC 5798 (IPv6) - To Make VRRP Work In IPv6 Networks, Several Additional Options Must Be Enabled - V3 Support Is Required And Protocol Type Should Be Set To IPv6. | Yes |
ENABLING VRRP (VIRTUAL ROUTER REDUNDANCY PROTOCOL) - STEP BY STEP CONFIGURATION GUIDELINES
2. Configure Terminal - > Router# Configure Terminal
3. Interface Type Number - > Router(Config)# Interface Gigabit Ethernet 0/0/0
4. IP Address IP-Address Mask - > Router(Config-If)# IP Address 172.16.6.5 255.255.255.0
5. VRRP Group Description Text - > Router(Config-If)# VRRP 10 Description Working-Group (Assigns A Text Description To The VRRP Group.)
6. VRRP Group Priority Level - > Router(Config-If)# VRRP 10 Priority 110 (Sets The Priority Level Of The Router Within A VRRP Group. The Default Priority Is 100)
7. VRRP Group Preempt [Delay Minimum Seconds] - > Router(Config-If)# VRRP 10 Preempt Delay Minimum 380 (Configures The Router To Take Over As Virtual Router Master For A VRRP Group If It Has A Higher Priority Than The Current Virtual Router Master. The Default Delay Period Is 0 Seconds.)
8. VRRP Group Timers Advertise [Msec] Interval - > Router(Config-If)# VRRP 10 Timers Advertise 110 (Configures The Interval Between Successive Advertisements By The Virtual Router Master In A VRRP Group)
Note All Routers In A VRRP Group Must Use The Same Timer Values. If The Same Timer Values Are Not Set, The Routers In The VRRP Group Will Not Communicate With Each Other And Any Misconfigured Router Will Change Its State To Master.
9. VRRP Group Timers Learn - > Router(Config-If)# VRRP 10 Timers Learn (Configures The Router, When It Is Acting As Virtual Router Backup For A VRRP Group, To Learn The Advertisement Interval Used By The Virtual Router Master.)
10. Exit - > Router(Config-If)# Exit
11. No VRRP SSO - > Router(config)# No VRRP SSO (Optional) Disables VRRP Support of SSO.VRRP Support Of SSO Is Enabled By Default). This Feature Is Enabled By Default. To Disable This Feature, Use The No VRRP SSO Command In Global Configuration Mode.
◙ - ➤ VRRP SUPPORT FOR STATEFUL SWITCHOVER (VRRP SSO): With The Introduction Of The VRRP Support For Stateful Switchover Feature, VRRP Is SSO Aware. VRRP Can Detect When A Router Is Failing Over To The Secondary RP And Continue In Its Current Group State.
SSO Functions In Networking Devices (Usually Edge Devices) That Support Dual Route Processors (RPs). SSO Provides RP Redundancy By Establishing One Of The RPs As The Active Processor And The Other RP As The Standby Processor. SSO Also Synchronizes Critical State Information Between The RPs So That Network State Information Is Dynamically Maintained Between RPs.
Prior To Being SSO Aware, If VRRP Was Deployed On A Router With Redundant RPs, A Switchover Of Roles Between The Active RP And The Standby RP Would Result In The Router Relinquishing Its Activity As A VRRP Group Member And Then Rejoining The Group As If It Had Been Reloaded. The SSO--VRRP Feature Enables VRRP To Continue Its Activities As A Group Member During A Switchover. VRRP State Information Between Redundant RPs Is Maintained So That The Standby RP Can Continue The Router’s Activities Within The VRRP During And After A Switchover.
12. Show VRRP [Brief] | Group] - > Router# Show VRRP 10 (Displays A Brief Or Detailed Status Of One Or All VRRP Groups On The Router).
13. Show VRRP Interface Type Number [Brief] - > Router#Show VRRP Interface Type Number [Brief] (Displays The VRRP Groups And Their Status On A Specified Interface.)
VRRP - DIAGNOSTIC (VERIFYING) COMMANDS
Router#Show VRRP - > Displays VRRP Information
Router#Show VRRP Brief - > Displays A Brief Status Of All VRRP Groups
Router#Show VRRP 10 - > Displays Detailed Information About VRRP Group 10
Router#Show VRRP Interface Fastethernet 0/0 - > Displays Information About VRRP As Enabled On Interface Fastethernet 0/0
Router#Show VRRP Interface Fastethernet 0/0 Brief - > Displays A Brief Summary About VRRP On Interface Fastethernet 0/0
VRRP - DEBUGGING COMMANDS
Router#Debug VRRP Error - > Displays All VRRP Error Messages
Router#Debug VRRP Events - > Displays All VRRP Event Messages
Router#Debug VRRP Packets - > Displays Messages About Packets Sent And Received
Router#Debug VRRP State - > Displays Messages About State Transitions
NOTE: When A VRRP Group Has Been Configured Using The VRRP Group-Number IP Command, The Protocol Is Fully Operational. The VRRP Shutdown Command Is Not Displayed On The Router, And To Disable The Protocol For One Group. The VRRP Shutdown Command Should Not Be Used On An Interface That Is Configured To Share Its Interface IP Address With The VRRP Virtual Address. This Is A Misconfiguration And May Result In Duplicate IP Address Errors.
BASIC VRRP CONFIGURATION STEPS BY STEPS EXAMPLES
◙ - ➤ EXAMPLES FOR CONFIGURATION FOR VRRP: Router(Config)#Interface Fastethernet 0/0 - > Moves To Interface Config Mode
Router(Config-If)#IP Address 172.16.100.5 255.255.255.0 - > Assigns IP Address And Netmask
Router(Config-If)#VRRP 10 IP 172.16.100.1 - > Enables VRRP For Group 10 On This Interface With A Virtual Address Of 172.16.100.1. The Group Number Can Be From 1 To 255.
Router(Config-If)#VRRP 10 Description Engineering - > Group Assigns A Text Description To The Group
Router(Config-If)#VRRP 10 Priority 110 - > Sets The Priority Level For This Router. The Range Is From 1 To 254. The Default Is 100.
Router(Config-If)#VRRP 10 Preempt - > This Router Will Preempt, Or Take Over, As The Virtual Router Master For Group 10 If It Has A Higher Priority Than The Current Virtual Router Master.
Router(Config-If)#VRRP 10 Preempt Delay Minimum 60 - > This Router Will Preempt, But Only After A Delay Of 60 Seconds ( The Default Delay Period Is 0 Seconds). Router(Config-If)#VRRP 10 Timers Advertise 15 - > Configures The Interval Between Successful Advertisements By The Virtual Router Master. The Default Interval Value Is 1 Second. All Routers In A VRRP Group Must Use The Same Timer Values. If Routers Have Different Timer Values Set, The VRRP Group Will Not Communicate With Each Other. The Range Of The Advertisement Timer Is 1 To 255 Seconds. If You Use The Msec Argument, You Change The Timer To Measure In Milliseconds. The Range In Milliseconds Is 50 To 999.
Router(Config-If)#VRRP 10 Timers Learn - > Configures The Router, When Acting As A Virtual Router Backup, To Learn The Advertisement Interval Used By The Virtual Router Master
Router(Config-If)#VRRP 10 Shutdown - > Disables VRRP On The Interface, But Configuration Is Still Retained
Router(Config-If)#No VRRP 10 Shutdown - > Reenables The VRRP Group Using The Previous Configuration.
VRRP CONFIGURATION EXAMPLES
CONCLUSION:
The Goal Of This Article Is To Give An Easy Way To Understand The “VIRTUAL ROUTER REDUNDANCY PROTOCOL (VRRP) CONFIGURATION EXAMPLES" And Also We Hope This Guide Will Help Every Beginner Who Are Going To Start Cisco Lab Practice Without Any Doubts. Some Topics That You Might Want To Pursue On Your Own That We Did Not Cover In This Article Are Listed Here!Hands - On Experience Is An Invaluable Part Of Preparing For The Lab Exam And Never Pass Up An Opportunity To Configure Or Troubleshoot A Router ( If You Have Access To Lab Facilities, Take Full Advantage Of Them) There Is No Replacement For The Experience You Can Gain From Working In A Lab, Where You Can Configure Whatever You Want To Configure And Introduce Whatever Problems You Want To Introduce, Without Risk Of Disrupting A Production Network. Thank You And Best Of Luck
This Article Written Author By: Mr. Premakumar Thevathasan - CCNA And CCNP (Routing & Switching), MCSE, MCSA, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+ And Etc.
WARNING AND DISCLAIMER:
Routers Direct And Control Much Of The Data Flowing Across Computer Networks. This Guide Provides Technical Guidance Intended To Help All Network Students, Network Administrators And Security Officers Improve Of Their Demonstrated Ability To Achieve Specific objectives Within Set Timeframes.This Document Carries No Explicit Or Implied Warranty. Nor Is There Any Guarantee That The Information Contained In This Document Is Accurate. Every Effort Has Been Made To Make All Articles As Complete And As Accurate As Possible, But No Warranty Or Fitness Is Implied.
It Is Offered In The Hopes Of Helping Others, But You Use It At Your Own Risk. The Author Will Not Be Liable For Any Special, Incidental, Consequential Or Indirect Any Damages Due To Loss Of Data Or Any Other Reason That Occur As A Result Of Using This Document. But No Warranty Or Fitness Is Implied. The Information Provided Is On An "As Is" Basic. All Use Is Completely At Your Own Risk.
Home Page Of - > The School Of Cisco Networking (SCN)
Page Of - > SCN InF4 TECH
Contact Details / About Us Page
To Send Email
No comments:
Post a Comment