Skip to main content
Versa Networks

Configure VRRP

  1. Last updated
  2. Save as PDF

Versa-logo-release-icon.pngFor supported software information, click here.

The Virtual Router Redundancy Protocol (VRRP) allows you to have one or more backup routers when you are using a statically configured router on a LAN. If the active router fails, a backup router takes over and continues to forward packets. For VRRP, you configure a virtual IP address, either manually or with DHCP, that is shared among two or more routers. One router is designated the active and the others are backup routers. If the active router fails, the virtual IP address is mapped to the IP address of one of the backup routers.

To configure VRRP, you do the following:

  • Configure VRRP options
  • Configure VRRP groups

You can also use VRRP to configure high availability (HA) redundancy for Azure VMs.

Configure VRRP Options

VRRP options are global VRRP properties that you configure on a Versa Operating SystemTM (VOSTM) device.

To configure VRRP options:

  1. In the Director view:
    1. Select the Configuration tab in the top menu bar.
    2. Select Devices > Devices in the horizontal menu bar.
    3. Select an organization in the left menu bar.
    4. Select a Controller node in the main pane. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Networking > VRRP > Options in the left navigation bar. The VRRP Options pane displays.

    vrrp-options-home.png
     
  4. Click the edit-icon.png Edit icon. In the Edit VRRP Options popup window, enter information for the following fields.

    edit-vrrp-options1.png
     
    Field Description
    MAC Address Mode

    Select the type of MAC address to use for VRRP:

    • Physical
    • Virtual. This is the default.
    Version

    Select the VRRP version to use:

    • VRRP version 2
    • VRRP version 3. This is the default.
    Alarm Logs Soak Time Enter how long VRRP waits to determine whether a condition is transient or persistent, in seconds. If the condition is persistent, VRRP sends an alarm and reports the condition in the versa-vrrpd.log file.
    Range: 0 through 65535 seconds
    Default: None
    IPv4 Checksum with Pseudoheader

    Click to enable calculation of the VRRP checksum.

Note that for Releases 21.2.1 and later, use of the Unicast Peer IP Address option is deprecated, and this field has been removed from the Edit VRRP Options popup window.

  1. Click OK.

Configure VRRP Groups

To use VRRP, you configure VRRP groups. The procedure in this section describes how to configure VRRP by specifying an interface name. You can also configure VRRP when you are configuring an Ethernet interface, as described in Configure Interfaces.

To configure VRRP by specifying an interface name:

  1. In the Director view:
    1. Select the Configuration tab in the top menu bar.
    2. Select Devices > Devices in the horizontal menu bar.
    3. Select an organization in the left menu bar.
    4. Select a Controller node in the main panel. The view changes to Appliance view.
  2. Select the Configuration tab in the top menu bar.
  3. Select Networking > VRRP > Groups in the left navigation bar.
  4. Select the V4 or V6 tab and click the add-icon+.png Add icon. The main pane displays the VRRP groups that are already configured.

    vrrp-groups-home.png
  5. In the Add VRRP Group popup window, select the General tab, and enter information for the following fields.

    add-vrrp-group-v4-general.png
     
    Field Description
    Group ID Enter a text identifier for the VRRP group.
    Interface Select the interface assigned to the interface on which the VRRP group is configured.
    Unit Select the subinterface on which to configure the VRRP group.
    Inherit Configuration (Group of Fields) Click to have VRRP inherit the properties of another interface.
    • Interface Name
    		 Select the name of the interface from which to have VRRP inherit properties.
    • VRRP Group ID
    		 Enter the VRRP group ID.
    Preempt Mode

    Select how the VRRP active router is elected from among the routers in the VRRP group:

    • Non-Preempt—When a VRRP active router goes down and a backup router takes over as the active router, the previous active router remains a backup router when it comes back up in spite of the fact that it has a higher priority than the router that has taken over the active role.
    • Preempt—When a VRRP active router goes down and a backup router takes over as the active router, the previous active router takes over again as the active router as soon as it comes back up, because it has a higher priority than the backup router. This is the default.

    Default: Preempt
    Address Enter the IP address to associate with the VRRP group.
    Priority

    Enter the priority to assign to the interface. The interface with the higher or highest priority becomes the VRRP active router.

    When you configure a VRRP priority value, be aware that value can be reduced by various objects that VRRP can track, such as interfaces, routes, monitor objects, and HA state. When you choose a priority value, you must make sure that you account for a worst-case scenario so that the priority never goes below 0. As an example, consider a VRRP group that is configured on the interface vni-0/0.0 with priority of 200 and that is tracking the interface vni-0/1.0, which has a priority cost of 20. When the vni-0/1.0 goes down, its priority cost is subtracted from the configured priority of 200. As a result, the current (dynamic) priority becomes (200 – 20), or 180. In this example, the vni-0/1.0 interface is the tracking object.

    Range: 1 through 254
    Default: 100
    Virtual Address Enter the virtual address or addresses to include in the VRRP group.
    Advertisements Threshold Enter the number of VRRP advertisements that the backup router can miss before declaring the active router to be down. If you are configuring VRRP on Azure VMs, adjust the advertisement threshold to either 7 or 10, to provide time for Azure to update the next-hop IP address in the Azure user-defined routing (UDR) tables.
    Warmup Interval

    Enter how long the interface waits before determining which VRRP router is the active and which is the backup.

    Range: 1 through 3600 seconds
    Default: 30 seconds
    Fast Interval

    For VRRP Version 3 only, enter how often the active and backup routers exchange VRRP advertisement messages.

    Range: 10 through 50000 milliseconds
    Default: 1000 milliseconds
    HA Slave Priority Cost Enter the value subtracted from the priority when the interchassis HA state of the VOS device changes from active to standby.
    Range: 1 through 254
    Default: 100
    Unicast Peer IP Address

    Enter the IP address of the VRRP peer node to have the VRRP group operate in unicast mode.
    Accept Data Click to have the interface accept data when received. Otherwise, the data is routed to another interface.
  6. Select the Track tab to configure VRRP tracking. VRRP tracking allows the VOS device to decrease the priority of its VRRP group when one or multiple events occur. At any given time, the VRRP device with the highest priority owns the IP address on the interface. VRRP tracking allows you to configure which events cause the interface to give up its IP address to a VRRP peer. You can configure VRRP to track interface, route, or monitor objects. Note that these objects are mutually exclusive; you can configure VRRP tracking for only one of them.
    1. For all three VRRP tracking objects, configure the priority hold time.

      add-vrrp-group-v4-track.png
       
      Field Description
      Priority Hold Time

      Enter the virtual router priority hold time, in seconds. This timer controls how long a device that is an active router keeps the IP address when an event occurs that make it less prioritized. For example, suppose a route on the device is tracked and the route becomes unavailable. If the hold time value is 10, the device keeps the IP address for 10 seconds. If, after 10 seconds, the device still has a lower VRRP priority than its neighbors, it gives up the IP address. If both the VRRP active and VRRP backup router lose the same route, they decrease their priority equally and no IP address switchover occurs.

      Range: 0 through 3600 seconds
      Default: 0 seconds
    2. To configure VRRP tracking using interfaces, select the Interface tab. Enter information for the following fields.

      add-vrrp-group-v4-track.png
       
      Field Description
      Name Select the primary interface on the active router in the VRRP group.
      Priority Cost

      Enter the value to subtract from the VRRP group priority if the interface goes down.The VRRP router with the highest priority in the VRRP group then becomes the active router.

      You can track more than one interface at a time, and if one of the interfaces goes down, each interface monitor individually subtracts its priority cost. For example, suppose you track two interfaces and set the priority cost for each of them to 100. If one of the interfaces goes down, the VRRP group priority decreases by 100. If both interfaces go down, the VRRP group priority decreases by 200.
      Range: 1 through 254
      Default: 100
      add-icon-blue-square.png Add icon Click the add-icon-blue-square.png Add icon to add the interface, and then click OK.
  1. To configure VRRP tracking using routes, select the Routes tab. Enter information for the following fields.

    add-vrrp-group-v4-track-routes.png
     
    Field Description
    Prefix Enter the IPv4 or IPv6 prefix and length of the interface on which VRRP group is configured.
    Routing Instance Select the routing instance to which the route applies.
    Priority Cost

    Enter the value to subtract from the VRRP group priority if the interface goes down.The VRRP router with the highest priority in the VRRP group then becomes the active router.

    You can track more than one prefix at a time. Each prefix is tracked separately, and the priority cost is subtracted if the prefix is no longer available.

    Range: 1 through 254
    Default: 100
    add-icon-blue-square.png Add icon Click the add-icon-blue-square.png Add icon to add the interface, and then click OK.
  2. To configure VRRP tracking using IP SLA monitors, select the Monitors tab. Enter information for the following fields. VRRP uses the objects to track the monitor state, and depending on the state, the VRRP group decreases its priority cost. Enter information for the following fields.

    add-vrrp-group-v4-track-monitors.png
     
    Field Description
    Name Select the monitor to use for tracking. For more information, see Configure IP SLA Monitor Objects.
    Priority Cost

    Enter the value to subtract from the VRRP group priority if the interface goes down. The VRRP router with the highest priority in the VRRP group then becomes the active router.

    You can add more than one monitor. Each monitor is tracked separately, and each subtracts its priority cost if it goes down.

    Range: 1 through 254
    Default: 100
    add-icon-blue-square.png Add icon Click the add-icon-blue-square.png Add icon to add the interface, and then click OK.

Configure VRRP on Azure VMs

To configure high availability (HA) redundancy for Azure virtual machines (VMs), you can use VRRP. To implement this, you must configure both the VOS software and the Azure public cloud. To configure the VOS software, you create a redundant pair of VMs for Azure that run VRRP. In the Azure public cloud, you establish HA using either Azure managed identity or an Azure standard load balancer.

For more information about Azure VMs, see Install on Azure.

Configure VRRP for Azure VMs on the Versa Device

For the VOS device configuration, when you create a post-staging configuration template for the two Azure VMs using Workflows, you create a redundant pair to establish active-active redundancy.

To configure the redundancy:

  1. In Director view, select the Workflows tab in the top menu bar.
  2. Select Templates > Templates in the left menu bar.
  3. Click the Add icon to create a new template. The Create Template popup window displays.

    vrrp-create-template.png
     
  4. Enter a name for the template, and select a template type and organization name.
  5. In the Redundant Pair group of fields, click Enable, VRRP, and Cloud CPE. These three options set the VRRP MAC address mode to physical and enable unicast mode at the VRRP group level. For more information, see Configure VRRP Options, above.
  6. Configure information for the other fields. For more information, see Create Post-Staging Templates. Note that for VRRP, the primary template is used to create the primary device and the redundant template is used to create the secondary device.

For more information about using the template in conjunction with Workflows, see Create Device Templates.

Configure VRRP for HA in the Azure Public Cloud

You can establish HA (VRRP) in the Azure public cloud using Azure managed identity, which uses API-driven Azure user-defined route (UDR) switching. This method has no dependency on another object, such as a Microsoft standard load balancer, to act as a VRRP proxy. One limitation of this method is that all resources that use a redundant pair of VOS devices as the cloud gateway must have the same license subscription and must be in the same resource group.

The following figure illustrates a deployment that uses Azure managed identity for VRRP HA. When you use managed identity, you modify Azure UDRs for the spoke subnetworks that belong to the same subscription ID as the VOS device. From the Azure portal, you also enable managed identify on the VOS device. Doing this enables the VM to authenticate to cloud services, which is required to run the azure_udr script. Then, you grant all necessary permissions use Azure role-based access control (RBAC).

azure-vrrp-managed-identity.png

To use Azure managed identity for VRRP:

  1. Enable managed identity on the first VOS VM in the redundant pair. In the following screenshot, this VM is called AZURE-PERF-01.

    azure-enable-managed-identify.png
     
  2. Enable managed identity on the first VOS VM in the redundant pair. In the following screenshot, this VM is called AZURE-PERF-02.

    azure-enable-managed-identity2.png
     
  3. For the Azure resource group, add a contributor-level role assignment for the VOS VMs. You do this so that the VOS VM (that is, the Azure managed identity) can update the required UDR routes on the VRRP active VOS device in case a VRRP switchover occurs. When you use this option, you do not need to use the Azure standard load balancer.
    1. Navigate to Subscription > IAM > Add a role assignment.
    2. Select the Azure VM.
    3. Assign the contributor role to the VM.
  4. Assign a public IP address to the VM's management interface to allow the VM to make API calls to the Azure resources available at management.azure.com.

Supported Software Information

Releases 20.2 and later support all content described in this article, except:

  • For Releases 21.2.1 and later, the Unicast Peer IP Address option in the Edit VRRP Options screen is deprecated.