Hello and welcome to the Cisco section! Today we will be looking at implementing redundancy on Layer 2 using VRRP. This post will cover Cisco VRRP configuration. Cisco does offer a proprietary protocol called HSRP which works similarly to VRRP; however, we will not be covering HSRP in this post.
What is VRRP?
If you didn't read the linked wiki article, I will try to give a shortened explanation of what the protocol is. VRRP is an industry standard redundancy protocol which functions on Layer 2. It gives us a way of keeping network connectivity should a piece of equipment or a link go down in our network. VRRP is configured on devices within the same broadcast domain, where we assign a floating IP address that exists on all devices participating in the VRRP process; however, the floating IP is only live on one piece of equipment at any given time. This is done through some smart configuration where one device acts as the master and the other device(s) act as slaves, which only become live when something happens to the master.
An example would be that we assign 192.168.0.1/24 on two different routers and our client machine uses this IP as its default gateway. The router that's currently the master will have 192.168.0.1 as the live IP address, and the client machine will send its traffic through the master. If the master drops, the slave router will become the new master and the 192.168.0.1 IP will go live on the new router. This means that there is very little downtime from the client machine's perspective, as no default gateway has to be updated to get out to the internet. The process is also automatic and requires no intervention from an administrator to restore connectivity to the site. If you are a large enterprise and cannot afford any downtime, then VRRP is something that I could recommend for redundancy.
Let's configure VRRP in the below lab. If you have GNS3 you are welcome to follow along by adding your own nodes; if not, we have an entire section dedicated to installing GNS3, which could help you lab these concepts yourself and understand them a bit better.
In the above topology, we are making use of two different Cisco routers which connect to the internet through two different ISPs. We have been tasked with configuring VRRP so that, should R1 go down through either a hardware fault or a link issue to the core switch, traffic automatically routes through R2.
Let's first log into the console window of R1 and have a look at the current configuration of the interface connecting to the switch.
The configuration for Gi0/1 is very basic. The most important thing to note is that we have assigned the IP address 172.17.0.2/24 to the interface. This matters because, even though there will be a floating IP address, each device participating in the VRRP process also needs to be in the same broadcast domain and requires a unique IP on the interface or VLAN where you are configuring VRRP.
Let's head into the interface configuration mode and add the VRRP configuration. So let's type in "Config T" and switch to interface configuration by typing "int Gi0/1". Now let's fill in the VRRP Configuration:
- vrrp 1 ip 172.17.0.1 (This will set the floating IP)
- vrrp 1 priority 200 (This will set the priority in the election process)
I would just like to deconstruct these two pieces of configuration. When we type vrrp, we are telling the router that we are configuring VRRP on this interface. The number next to it is the VRRP group we are configuring. The group needs to match on all equipment participating in the VRRP election process. The last part of the command states what the floating IP address is.
In the second line we are still adding to VRRP group 1; however, this time we are setting a priority. The device with the higher priority will always be elected the master, and the device(s) with a lower priority will be set as slaves.
After leaving configuration mode we can run the "show vrrp" command, which will give us information on the current VRRP status. This is useful as it will tell us if the router is a master or a slave, what the virtual IP address and MAC address are, as well as other configurable settings for VRRP.
If VRRP is not configured then the router will not return any output when you use the command.
We've completed half the setup already! Now let's log into R2's console and also have a look at our interfaces as well as the configuration of the interface that is connecting to the core switch.
As we mentioned before, the real IP of the interface will be unique: R1's IP address was 172.17.0.2/24 and the IP address of R2 is 172.17.0.3/24. We also see that both routers are within the same broadcast domain, meaning that they are able to communicate directly; if you were to ping R1's IP you would get a response. Let's add the VRRP configuration to the interface of R2 that is connecting to the core switch.
Enter configuration mode by typing "config t" and change to the interface configuration mode by typing "int gi0/1". Now let's add the VRRP config:
- vrrp 1 ip 172.17.0.1 (This will set the floating IP)
- vrrp 1 priority 100 (This will set the priority in the election process)
When done you can type "ctrl + z" to exit configuration mode, then save your configuration by typing "wr".
Let's confirm that VRRP is running off of R2 by typing the "show vrrp" command. You will notice that the state of R2 is set to slave. This means that we have completed the Cisco VRRP Configuration.
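As an added example (not part of the original post), the Python sketch below checks the points this walkthrough depends on: the group and floating IP match on both routers, the interface IPs are unique and in the same subnet, and the higher priority wins the election. The config snippets are constructed from the lab's addresses and commands, the function names are hypothetical, and the default priority of 100 and the tie-break on the higher interface IP are taken from the VRRP standard rather than from this page.

```python
import ipaddress
import re

# Constructed "show run"-style snippets; addresses and VRRP lines are the lab's.
R1 = """interface GigabitEthernet0/1
 ip address 172.17.0.2 255.255.255.0
 vrrp 1 ip 172.17.0.1
 vrrp 1 priority 200
"""
R2 = """interface GigabitEthernet0/1
 ip address 172.17.0.3 255.255.255.0
 vrrp 1 ip 172.17.0.1
 vrrp 1 priority 100
"""
LAB = {"R1": R1, "R2": R2}

def parse(cfg):
    """Return (interface address, {group: settings}) for groups with a floating IP."""
    addr = re.search(r"^\s*ip address (\S+) (\S+)", cfg, re.M)
    iface = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    groups = {}
    for grp, key, val in re.findall(r"^\s*vrrp (\d+) (ip|priority) (\S+)", cfg, re.M):
        groups.setdefault(int(grp), {"priority": "100"})[key] = val  # 100 = default
    return iface, {g: v for g, v in groups.items() if "ip" in v}

def audit(routers, group):
    """List configuration problems for one VRRP group across all routers."""
    parsed = {n: parse(c) for n, c in routers.items()}
    members = {n: (i, g[group]) for n, (i, g) in parsed.items() if group in g}
    problems = [f"{n}: group {group} has no floating IP configured"
                for n in sorted(parsed.keys() - members.keys())]
    if len({m["ip"] for _, m in members.values()}) > 1:
        problems.append("floating IP differs between routers")
    if len({i.network for i, _ in members.values()}) > 1:
        problems.append("interfaces are not in the same subnet")
    if len({i.ip for i, _ in members.values()}) != len(members):
        problems.append("interface IPs are not unique")
    for name, (i, m) in members.items():
        if ipaddress.ip_address(m["ip"]) not in i.network:
            problems.append(f"{name}: floating IP outside {i.network}")
    return problems

def elect(routers, group, down=()):
    """Predict the master: highest priority, ties go to the higher interface IP."""
    alive = {n: parse(c) for n, c in routers.items() if n not in down}
    cands = [(int(g[group]["priority"]), i.ip, n) for n, (i, g) in alive.items() if group in g]
    return max(cands)[2] if cands else None
```

For the lab as configured, audit(LAB, 1) returns no problems, elect(LAB, 1) returns R1, and passing down=("R1",) returns R2, which is the failover tested in the next section.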
Testing the VRRP
We have a computer connected to a switch which uplinks to both routers. The computer is set to use 172.17.0.1 as the default gateway, which is the VRRP floating IP. We can see if VRRP is functioning by running a ping test to the internet and shutting down R1, where the floating IP is currently live.
After bringing down the router we notice that PC1 drops packets while VRRP is changing the slave to master. The moment the election process is finished and R2 becomes the new master, the pings simply resume.
We can also verify that R2 is now the new master by logging into its console and running a "show vrrp" command. You will now see that the state has changed from "State is Slave" to "State is Master".
That's a Wrap
You have now successfully implemented and learned Cisco VRRP configuration. You can carry this knowledge with you to different vendors, as VRRP is an industry standard and, in essence, works the same on any piece of equipment that supports it. I hope that this has been informative and that you have learned something new.